@caracalai/admin 0.1.6-rc.3 → 0.2.0-rc.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
package/dist/client.d.ts CHANGED
@@ -1,4 +1,4 @@
1
- import type { AgentListQuery, AgentSession, Application, ApplicationInput, ApplicationPatchInput, AdminAuditEvent, AdminAuditQuery, AuditDetail, AuditEvent, AuditQuery, DCRInput, DecisionTrace, DelegationEdge, DelegationImpact, EffectiveAuthority, Grant, GrantInput, GrantQuery, Policy, PolicyInput, PolicySet, PolicySetSimulation, PolicySetVersion, PolicyTemplate, PolicyValidation, PolicyVersion, Provider, ProviderGrant, ProviderGrantInput, ProviderGrantOAuthAuthorize, ProviderGrantOAuthAuthorizeInput, ProviderGrantRevokeInput, ProviderInput, ProviderPatchInput, Resource, ResourceInput, Session, SessionQuery, AgentSessionRow, AgentSessionQuery, StepUpChallenge, StepUpChallengeSatisfaction, TraverseNode, Zone, ZoneDcrStatus, ZoneInput, ZonePatchInput } from './types.js';
1
+ import type { AuthorityRecord, AuthorityRecordQuery, Application, ApplicationInput, ApplicationPatchInput, AdminAuditEvent, AdminAuditQuery, AuditDetail, AuditEvent, AuditQuery, DCRInput, DecisionTrace, Delegation, DelegationImpact, DelegationTraversal, EffectiveAuthority, Grant, GrantInput, GrantQuery, SubjectIssuer, SubjectIssuerInput, SubjectIssuerPatch, Policy, PolicyInput, PolicySet, PolicySetActivationStatus, PolicySetSimulation, PolicySetVersion, PolicyTemplate, PolicyValidation, PolicyVersion, Provider, ProviderConnection, ProviderConnectionAuthorize, ProviderConnectionAuthorizeInput, ProviderConnectionInput, ProviderConnectionRevokeInput, ProviderInput, ProviderPatchInput, Resource, ResourceInput, Session, SessionQuery, SubjectRevokeInput, SubjectRevokeResult, StepUpChallenge, StepUpDecision, Workload, WorkloadUpdateInput, Zone, ZoneDcrStatus, ZoneInput, ZonePatchInput } from './types.js';
2
2
  export interface AdminClientOptions {
3
3
  apiUrl: string;
4
4
  coordinatorUrl?: string;
@@ -23,6 +23,7 @@ export declare class AdminClient {
23
23
  constructor(opts: AdminClientOptions);
24
24
  withDefaultHeaders(headers: Record<string, string>): AdminClient;
25
25
  private request;
26
+ private listAll;
26
27
  zones: {
27
28
  list: () => Promise<Zone[]>;
28
29
  get: (id: string) => Promise<Zone>;
@@ -37,6 +38,9 @@ export declare class AdminClient {
37
38
  create: (zoneId: string, input: ApplicationInput) => Promise<Application>;
38
39
  patch: (zoneId: string, id: string, input: ApplicationPatchInput) => Promise<Application>;
39
40
  rotateSecret: (zoneId: string, id: string) => Promise<Application>;
41
+ getClientSecret: (zoneId: string, id: string) => Promise<{
42
+ client_secret: string;
43
+ }>;
40
44
  delete: (zoneId: string, id: string) => Promise<void>;
41
45
  dcr: (zoneId: string, input: DCRInput) => Promise<Application>;
42
46
  };
@@ -63,8 +67,8 @@ export declare class AdminClient {
63
67
  version_id: string;
64
68
  version: PolicyVersion;
65
69
  }>;
66
- validate: (content: string, schemaVersion?: string) => Promise<PolicyValidation>;
67
- addVersion: (zoneId: string, id: string, content: string, schemaVersion?: string) => Promise<PolicyVersion & {
70
+ validate: (content: string) => Promise<PolicyValidation>;
71
+ addVersion: (zoneId: string, id: string, content: string) => Promise<PolicyVersion & {
68
72
  version_id: string;
69
73
  }>;
70
74
  delete: (zoneId: string, id: string) => Promise<void>;
@@ -79,15 +83,18 @@ export declare class AdminClient {
79
83
  create: (zoneId: string, name: string, description?: string) => Promise<PolicySet>;
80
84
  addVersion: (zoneId: string, id: string, manifest: {
81
85
  policy_version_id: string;
82
- }[], schemaVersion?: string) => Promise<PolicySetVersion & {
86
+ }[]) => Promise<PolicySetVersion & {
83
87
  version_id: string;
84
88
  }>;
89
+ listVersions: (zoneId: string, id: string) => Promise<PolicySetVersion[]>;
85
90
  simulate: (zoneId: string, id: string, versionId: string, input?: Record<string, unknown>) => Promise<PolicySetSimulation>;
86
- activate: (zoneId: string, id: string, versionId: string, shadowVersionId?: string) => Promise<{
91
+ activate: (zoneId: string, id: string, versionId: string) => Promise<{
87
92
  activated: boolean;
88
93
  version_id: string;
89
- shadow_version_id: string | null;
94
+ outbox_id: string;
95
+ status_url: string;
90
96
  }>;
97
+ activationStatus: (zoneId: string, id: string, versionId?: string, outboxId?: string) => Promise<PolicySetActivationStatus>;
91
98
  delete: (zoneId: string, id: string) => Promise<void>;
92
99
  };
93
100
  grants: {
@@ -96,16 +103,53 @@ export declare class AdminClient {
96
103
  create: (zoneId: string, input: GrantInput) => Promise<Grant>;
97
104
  revoke: (zoneId: string, id: string) => Promise<void>;
98
105
  };
99
- providerGrants: {
100
- create: (zoneId: string, input: ProviderGrantInput) => Promise<ProviderGrant>;
101
- authorizeOAuth: (zoneId: string, input: ProviderGrantOAuthAuthorizeInput) => Promise<ProviderGrantOAuthAuthorize>;
102
- revoke: (zoneId: string, input: ProviderGrantRevokeInput) => Promise<ProviderGrant>;
106
+ subjectIssuers: {
107
+ list: (zoneId: string) => Promise<SubjectIssuer[]>;
108
+ get: (zoneId: string, id: string) => Promise<SubjectIssuer>;
109
+ create: (zoneId: string, input: SubjectIssuerInput) => Promise<SubjectIssuer>;
110
+ patch: (zoneId: string, id: string, input: SubjectIssuerPatch) => Promise<SubjectIssuer>;
111
+ delete: (zoneId: string, id: string) => Promise<void>;
112
+ };
113
+ providerConnections: {
114
+ create: (zoneId: string, input: ProviderConnectionInput) => Promise<ProviderConnection>;
115
+ authorizeOAuth: (zoneId: string, input: ProviderConnectionAuthorizeInput) => Promise<ProviderConnectionAuthorize>;
116
+ revoke: (zoneId: string, input: ProviderConnectionRevokeInput) => Promise<ProviderConnection>;
117
+ };
118
+ workloads: {
119
+ list: (zoneId: string) => Promise<Workload[]>;
120
+ get: (zoneId: string, id: string) => Promise<Workload>;
121
+ create: (zoneId: string, input: {
122
+ name: string;
123
+ }) => Promise<Workload & {
124
+ secret: string;
125
+ }>;
126
+ update: (zoneId: string, id: string, input: WorkloadUpdateInput) => Promise<Workload>;
127
+ rotateSecret: (zoneId: string, id: string) => Promise<Workload & {
128
+ secret: string;
129
+ }>;
130
+ getSecret: (zoneId: string, id: string) => Promise<{
131
+ secret: string;
132
+ }>;
133
+ delete: (zoneId: string, id: string) => Promise<void>;
134
+ };
135
+ authorityRecords: {
136
+ list: (zoneId: string, query?: AuthorityRecordQuery) => Promise<AuthorityRecord[]>;
137
+ };
138
+ subjects: {
139
+ revoke: (zoneId: string, input: SubjectRevokeInput) => Promise<SubjectRevokeResult>;
103
140
  };
104
141
  sessions: {
105
142
  list: (zoneId: string, query?: SessionQuery) => Promise<Session[]>;
106
- };
107
- agentSessions: {
108
- list: (zoneId: string, query?: AgentSessionQuery) => Promise<AgentSessionRow[]>;
143
+ get: (zoneId: string, sessionId: string) => Promise<Session>;
144
+ children: (zoneId: string, sessionId: string, query?: SessionQuery) => Promise<Session[]>;
145
+ suspend: (zoneId: string, sessionId: string) => Promise<{
146
+ suspended: true;
147
+ }>;
148
+ resume: (zoneId: string, sessionId: string) => Promise<{
149
+ resumed: true;
150
+ }>;
151
+ terminate: (zoneId: string, sessionId: string) => Promise<void>;
152
+ effectiveAuthority: (zoneId: string, sessionId: string) => Promise<EffectiveAuthority>;
109
153
  };
110
154
  audit: {
111
155
  list: (zoneId: string, query?: AuditQuery) => Promise<AuditEvent[]>;
@@ -118,32 +162,20 @@ export declare class AdminClient {
118
162
  stepUpChallenges: {
119
163
  list: (zoneId: string) => Promise<StepUpChallenge[]>;
120
164
  get: (zoneId: string, id: string) => Promise<StepUpChallenge>;
121
- satisfy: (zoneId: string, id: string) => Promise<StepUpChallengeSatisfaction>;
122
- };
123
- agents: {
124
- list: (zoneId: string, query?: AgentListQuery) => Promise<AgentSession[]>;
125
- get: (zoneId: string, id: string) => Promise<AgentSession>;
126
- children: (zoneId: string, id: string, query?: AgentListQuery) => Promise<AgentSession[]>;
127
- suspend: (zoneId: string, id: string) => Promise<{
128
- suspended: true;
129
- }>;
130
- resume: (zoneId: string, id: string) => Promise<{
131
- resumed: true;
132
- }>;
133
- terminate: (zoneId: string, id: string) => Promise<void>;
134
- effectiveAuthority: (zoneId: string, id: string) => Promise<EffectiveAuthority>;
165
+ approve: (zoneId: string, id: string, reason?: string) => Promise<StepUpDecision>;
166
+ reject: (zoneId: string, id: string, reason?: string) => Promise<StepUpDecision>;
135
167
  };
136
168
  delegations: {
137
169
  active: (zoneId: string) => Promise<{
138
- items: DelegationEdge[];
170
+ items: Delegation[];
139
171
  next_cursor: string | null;
140
172
  }>;
141
- inbound: (zoneId: string, sessionId: string) => Promise<DelegationEdge[]>;
142
- outbound: (zoneId: string, sessionId: string) => Promise<DelegationEdge[]>;
143
- traverse: (zoneId: string, id: string) => Promise<TraverseNode[]>;
144
- impact: (zoneId: string, id: string) => Promise<DelegationImpact>;
145
- revoke: (zoneId: string, id: string) => Promise<{
146
- revoked_edges: number;
173
+ inbound: (zoneId: string, sessionId: string) => Promise<Delegation[]>;
174
+ outbound: (zoneId: string, sessionId: string) => Promise<Delegation[]>;
175
+ traverse: (zoneId: string, delegationId: string) => Promise<DelegationTraversal[]>;
176
+ impact: (zoneId: string, delegationId: string) => Promise<DelegationImpact>;
177
+ revoke: (zoneId: string, delegationId: string) => Promise<{
178
+ revoked_delegations: number;
147
179
  affected_sessions: number;
148
180
  }>;
149
181
  };
@@ -1 +1 @@
1
- {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EACV,cAAc,EACd,YAAY,EACZ,WAAW,EACX,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,WAAW,EACX,UAAU,EACV,UAAU,EACV,QAAQ,EACR,aAAa,EACb,cAAc,EACd,gBAAgB,EAChB,kBAAkB,EAClB,KAAK,EACL,UAAU,EACV,UAAU,EACV,MAAM,EACN,WAAW,EACX,SAAS,EACT,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,aAAa,EACb,QAAQ,EACR,aAAa,EACb,kBAAkB,EAClB,2BAA2B,EAC3B,gCAAgC,EAChC,wBAAwB,EACxB,aAAa,EACb,kBAAkB,EAClB,QAAQ,EACR,aAAa,EACb,OAAO,EACP,YAAY,EACZ,eAAe,EACf,iBAAiB,EACjB,eAAe,EACf,2BAA2B,EAC3B,YAAY,EACZ,IAAI,EACJ,aAAa,EACb,SAAS,EACT,cAAc,EACf,MAAM,YAAY,CAAA;AAEnB,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,UAAU,EAAE,MAAM,CAAA;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;IACxB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,MAAM,CAAC,EAAE,WAAW,CAAA;IAGpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACjC;AA2DD,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAoB;IACnD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAQ;IACnC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAoB;IACrD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAQ;IAClC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAQ;IAChC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAyB;IACtD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAoC;gBAEvD,IAAI,EAAE,kBAAkB;IAepC,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,WAAW;YAclD,OAAO;IAuErB,KAAK;;kBAEO,MAAM;wBACA,MAAM;wBACN,SAAS;oBACb,MAAM,SAAS,cAAc;qBAC5B,MAAM;MACpB;IAGD,YAAY;uBACK,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,gBAAgB;wBAEhC,MAAM,MAAM,MAAM,SAAS,qBAAqB;+BAGzC,MAAM,MAAM,MAAM;yBAExB,MAAM,MAAM,MAAM;sBAOrB,MAAM,SAAS,QAAQ;MAEtC;IAGD,SAAS;uBACQ,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,aAAa;wBAK7B,MAAM,MAAM,MAAM,SAAS,OAAO,CAAC,aAAa,CAAC;yBAKhD,MAAM,MAAM,MAAM;MAEpC;IAGD,SAAS;uBACQ,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,aAAa;wBAE7B,MAAM,MAAM,MAAM,SAAS,kBAAkB;yBAE5C,MAAM,MAAM,MAAM;MAEpC;IAGD,QAAQ;uBACS,MAAM;sBACP,MAAM,MAAM,MAAM;sBAAuC,aAAa,EAAE;;yBACrE,MAAM,SAAS,WAAW;wBACL,MAAM;qBAAW,aAAa;;4BAIhD,MAAM,kBAAkB,MAAM;6BAK7B,MAAM,MAAM,MAAM,WAAW,MAAM,kBAAkB,MAAM;wBACnC,MAAM;;yBAIlC,MAAM,MAAM,MAAM;MAEpC;IAED,eAAe;;kBAEG,MAAM;MAMvB;IAGD,UAAU;uBACO,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,QAAQ,MAAM,gBAAgB,MAAM;6BAKtC,MAAM,MAAM,MAAM,YAAY;YAAE,iBAAiB,EAAE,MAAM,CAAA;SAAE,EAAE,kBAAkB,MAAM;wBAC1D,MAAM;;2BAInC,MAAM,MAAM,MAAM,aAAa,MAAM,UAAU,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;2BAKtE,MAAM,MAAM,MAAM,aAAa,MAAM,oBAAoB,MAAM;uBACtD,OAAO;wBAAc,MAAM;+BAAqB,MAAM,GAAG,IAAI;;yBAIxE,MAAM,MAAM,MAAM;MAEpC;IAGD,MAAM;uBACW,MAAM,UAAU,UAAU;sBAC3B,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,UAAU;yBACzB,MAAM,MAAM,MAAM;MACpC;IAED,cAAc;yBACK,MAAM,SAAS,kBAAkB;iCAEzB,MAAM,SAAS,gCAAgC;yBAEvD,MAAM,SAAS,wBAAwB;MAEzD;IAGD,QAAQ;uBACe,MAAM,UAAU,YAAY;MAKlD;IAID,aAAa;uBACU,MAAM,UAAU,iBAAiB;MAKvD;IAGD,KAAK;uBACkB,MAAM,UAAU,UAAU;4BAK3B,MAAM,aAAa,MAAM;0BAC3B,MAAM,aAAa,MAAM;MAE5C;IAED,UAAU;uBACa,MAAM,UAAU,eAAe;MAKrD;IAED,gBAAgB;uBACC,MAAM;sBACP,MAAM,MAAM,MAAM;0BACd,MAAM,MAAM,MAAM;MAErC;IAGD,MAAM;uBACiB,MAAM,UAAU,cAAc;sBAKrC,MAAM,MAAM,MAAM;2BACP,MAAM,MAAM,MAAM,UAAU,cAAc;0BAQjD,MAAM,MAAM,MAAM;uBACR,IAAI;;yBACf,MAAM,MAAM,MAAM;qBACT,IAAI;;4BACV,MAAM,MAAM,MAAM;qCAET,MAAM,MAAM,MAAM;MAEhD;IAGD,WAAW;yBACQ,MAAM;mBACC,cAAc,EAAE;yBAAe,MAAM,GAAG,IAAI;;0BAClD,MAAM,aAAa,MAAM;2BAExB,MAAM,aAAa,MAAM;2BAEzB,MAAM,MAAM,MAAM;yBAEpB,MAAM,MAAM,MAAM;yBAElB,MAAM,MAAM,MAAM;2BACH,MAAM;+BAAqB,MAAM;;MAIlE;CACF"}
1
+ {"version":3,"file":"client.d.ts","sourceRoot":"","sources":["../src/client.ts"],"names":[],"mappings":"AAOA,OAAO,KAAK,EACV,eAAe,EACf,oBAAoB,EACpB,WAAW,EACX,gBAAgB,EAChB,qBAAqB,EACrB,eAAe,EACf,eAAe,EACf,WAAW,EACX,UAAU,EACV,UAAU,EACV,QAAQ,EACR,aAAa,EACb,UAAU,EACV,gBAAgB,EAChB,mBAAmB,EACnB,kBAAkB,EAClB,KAAK,EACL,UAAU,EACV,UAAU,EACV,aAAa,EACb,kBAAkB,EAClB,kBAAkB,EAClB,MAAM,EACN,WAAW,EACX,SAAS,EACT,yBAAyB,EACzB,mBAAmB,EACnB,gBAAgB,EAChB,cAAc,EACd,gBAAgB,EAChB,aAAa,EACb,QAAQ,EACR,kBAAkB,EAClB,2BAA2B,EAC3B,gCAAgC,EAChC,uBAAuB,EACvB,6BAA6B,EAC7B,aAAa,EACb,kBAAkB,EAClB,QAAQ,EACR,aAAa,EACb,OAAO,EACP,YAAY,EACZ,kBAAkB,EAClB,mBAAmB,EACnB,eAAe,EACf,cAAc,EACd,QAAQ,EACR,mBAAmB,EACnB,IAAI,EACJ,aAAa,EACb,SAAS,EACT,cAAc,EACf,MAAM,YAAY,CAAA;AAEnB,MAAM,WAAW,kBAAkB;IACjC,MAAM,EAAE,MAAM,CAAA;IACd,cAAc,CAAC,EAAE,MAAM,CAAA;IACvB,UAAU,EAAE,MAAM,CAAA;IAClB,gBAAgB,CAAC,EAAE,MAAM,CAAA;IACzB,SAAS,CAAC,EAAE,OAAO,KAAK,CAAA;IACxB,SAAS,CAAC,EAAE,MAAM,CAAA;IAClB,OAAO,CAAC,EAAE,MAAM,CAAA;IAChB,MAAM,CAAC,EAAE,WAAW,CAAA;IAGpB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,CAAA;CACjC;AAkGD,qBAAa,WAAW;IACtB,OAAO,CAAC,QAAQ,CAAC,MAAM,CAAQ;IAC/B,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAoB;IACnD,OAAO,CAAC,QAAQ,CAAC,UAAU,CAAQ;IACnC,OAAO,CAAC,QAAQ,CAAC,gBAAgB,CAAoB;IACrD,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAc;IACtC,OAAO,CAAC,QAAQ,CAAC,SAAS,CAAQ;IAClC,OAAO,CAAC,QAAQ,CAAC,OAAO,CAAQ;IAChC,OAAO,CAAC,QAAQ,CAAC,YAAY,CAAyB;IACtD,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAoC;gBAEvD,IAAI,EAAE,kBAAkB;IAepC,kBAAkB,CAAC,OAAO,EAAE,MAAM,CAAC,MAAM,EAAE,MAAM,CAAC,GAAG,WAAW;YAclD,OAAO;YAyEP,OAAO;IAcrB,KAAK;;kBAEO,MAAM;wBACA,MAAM;wBACN,SAAS;oBACb,MAAM,SAAS,cAAc;qBAC5B,MAAM;MACpB;IAGD,YAAY;uBACK,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,gBAAgB;wBAEhC,MAAM,MAAM,MAAM,SAAS,qBAAqB;+BAIzC,MAAM,MAAM,MAAM;kCAIf,MAAM,MAAM,MAAM;2BACZ,MAAM;;yBACrB,MAAM,MAAM,MAAM;sBAOrB,MAAM,SAAS,QAAQ;MAEtC;IAGD,SAAS;uBACQ,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,aAAa;wBAK7B,MAAM,MAAM,MAAM,SAAS,OAAO,CAAC,aAAa,CAAC;yBAKhD,MAAM,MAAM,MAAM;MAEpC;IAGD,SAAS;uBACQ,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,aAAa;wBAE7B,MAAM,MAAM,MAAM,SAAS,kBAAkB;yBAE5C,MAAM,MAAM,MAAM;MAEpC;IAGD,QAAQ;uBACS,MAAM;sBACP,MAAM,MAAM,MAAM;sBAAuC,aAAa,EAAE;;yBACrE,MAAM,SAAS,WAAW;wBACL,MAAM;qBAAW,aAAa;;4BAIhD,MAAM;6BAKL,MAAM,MAAM,MAAM,WAAW,MAAM;wBACX,MAAM;;yBAIlC,MAAM,MAAM,MAAM;MAEpC;IAED,eAAe;;kBAEG,MAAM;MAMvB;IAGD,UAAU;uBACO,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,QAAQ,MAAM,gBAAgB,MAAM;6BAKtC,MAAM,MAAM,MAAM,YAAY;YAAE,iBAAiB,EAAE,MAAM,CAAA;SAAE,EAAE;wBAClC,MAAM;;+BAI/B,MAAM,MAAM,MAAM;2BAEtB,MAAM,MAAM,MAAM,aAAa,MAAM,UAAU,MAAM,CAAC,MAAM,EAAE,OAAO,CAAC;2BAKtE,MAAM,MAAM,MAAM,aAAa,MAAM;uBAC5B,OAAO;wBAAc,MAAM;uBAAa,MAAM;wBAAc,MAAM;;mCAInE,MAAM,MAAM,MAAM,cAAc,MAAM,aAAa,MAAM;yBAOnE,MAAM,MAAM,MAAM;MAEpC;IAGD,MAAM;uBACW,MAAM,UAAU,UAAU;sBAC3B,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,UAAU;yBACzB,MAAM,MAAM,MAAM;MACpC;IAED,cAAc;uBACG,MAAM;sBACP,MAAM,MAAM,MAAM;yBACf,MAAM,SAAS,kBAAkB;wBAElC,MAAM,MAAM,MAAM,SAAS,kBAAkB;yBAE5C,MAAM,MAAM,MAAM;MAEpC;IAED,mBAAmB;yBACA,MAAM,SAAS,uBAAuB;iCAE9B,MAAM,SAAS,gCAAgC;yBAKvD,MAAM,SAAS,6BAA6B;MAE9D;IAGD,SAAS;uBACQ,MAAM;sBACP,MAAM,MAAM,MAAM;yBAGf,MAAM,SAAS;YAAE,IAAI,EAAE,MAAM,CAAA;SAAE;oBACZ,MAAM;;yBACzB,MAAM,MAAM,MAAM,SAAS,mBAAmB;+BAIxC,MAAM,MAAM,MAAM;oBACL,MAAM;;4BAGtB,MAAM,MAAM,MAAM;oBAA4B,MAAM;;yBACvD,MAAM,MAAM,MAAM;MAEpC;IAGD,gBAAgB;uBACO,MAAM,UAAU,oBAAoB;MAK1D;IAMD,QAAQ;yBACW,MAAM,SAAS,kBAAkB;MAEnD;IAGD,QAAQ;uBACe,MAAM,UAAU,YAAY;sBAK7B,MAAM,aAAa,MAAM;2BAEpB,MAAM,aAAa,MAAM,UAAU,YAAY;0BAQtD,MAAM,aAAa,MAAM;uBACf,IAAI;;yBACf,MAAM,aAAa,MAAM;qBAChB,IAAI;;4BACV,MAAM,aAAa,MAAM;qCAEV,MAAM,aAAa,MAAM;MAI7D;IAGD,KAAK;uBACkB,MAAM,UAAU,UAAU;4BAK3B,MAAM,aAAa,MAAM;0BAC3B,MAAM,aAAa,MAAM;MAE5C;IAED,UAAU;uBACa,MAAM,UAAU,eAAe;MAKrD;IAED,gBAAgB;uBACC,MAAM;sBACP,MAAM,MAAM,MAAM;0BACd,MAAM,MAAM,MAAM,WAAW,MAAM;yBAKpC,MAAM,MAAM,MAAM,WAAW,MAAM;MAKrD;IAGD,WAAW;yBACc,MAAM;;yBAnelB,MAAM,GAAG,IAAI;;0BAyeA,MAAM,aAAa,MAAM;2BAIxB,MAAM,aAAa,MAAM;2BAIzB,MAAM,gBAAgB,MAAM;yBAI9B,MAAM,gBAAgB,MAAM;yBAI5B,MAAM,gBAAgB,MAAM;;;;MAOpD;CACF"}
package/dist/client.js CHANGED
@@ -1,11 +1,50 @@
1
1
  // Copyright (C) 2026 Garudex Labs. All Rights Reserved.
2
2
  // Caracal, a product of Garudex Labs
3
3
  //
4
- // AdminClient: typed wrapper over the Caracal admin API and agent coordinator.
4
+ // AdminClient: typed wrapper over the Caracal Admin API and Coordinator.
5
5
  import { AdminApiError } from './errors.js';
6
6
  const DEFAULT_TIMEOUT_MS = 30_000;
7
7
  const DEFAULT_RETRIES = 3;
8
8
  const MAX_RETRY_AFTER_MS = 30_000;
9
+ const MAX_LIST_PAGES = 50;
10
+ function mapSession(row) {
11
+ const { agent_session_id, parent_id, subject_authority_record_id, ...rest } = row;
12
+ return {
13
+ ...rest,
14
+ session_id: String(agent_session_id),
15
+ parent_session_id: parent_id === null ? null : String(parent_id),
16
+ authority_record_id: String(subject_authority_record_id),
17
+ };
18
+ }
19
+ function mapEffectiveAuthority(row) {
20
+ const { agent_session_id, inbound_edges, ...rest } = row;
21
+ return {
22
+ ...rest,
23
+ session_id: String(agent_session_id),
24
+ inbound_delegations: Array.isArray(inbound_edges) ? inbound_edges : [],
25
+ };
26
+ }
27
+ function mapDelegationImpact(row) {
28
+ const { edge_id, affected_edges, affected_agents, ...rest } = row;
29
+ return {
30
+ ...rest,
31
+ delegation_id: String(edge_id),
32
+ affected_delegations: Array.isArray(affected_edges) ? affected_edges.map(mapDelegationTraversal) : [],
33
+ affected_sessions: Array.isArray(affected_agents) ? affected_agents : [],
34
+ };
35
+ }
36
+ function mapDelegation(row) {
37
+ const { id, parent_edge_id, ...rest } = row;
38
+ return {
39
+ ...rest,
40
+ delegation_id: String(id),
41
+ parent_delegation_id: parent_edge_id === null ? null : String(parent_edge_id),
42
+ };
43
+ }
44
+ function mapDelegationTraversal(row) {
45
+ const { id, ...rest } = row;
46
+ return { ...rest, delegation_id: String(id) };
47
+ }
9
48
  function grantListQuery(query) {
10
49
  if (!query)
11
50
  return undefined;
@@ -150,9 +189,26 @@ export class AdminClient {
150
189
  }
151
190
  throw lastErr ?? new Error('admin_request_exhausted');
152
191
  }
192
+ // Drains a keyset-paginated collection by following next_cursor until exhausted, so a
193
+ // list is the complete collection rather than a silently truncated first page. The page
194
+ // cap bounds the walk against a server bug that never terminates the cursor chain.
195
+ async listAll(path, label, query) {
196
+ const items = [];
197
+ let cursor;
198
+ for (let page = 0; page < MAX_LIST_PAGES; page++) {
199
+ const response = await this.request(path, { query: { ...query, cursor } });
200
+ if (!Array.isArray(response.items))
201
+ throw new Error(`${label} response missing items`);
202
+ items.push(...response.items);
203
+ if (!response.next_cursor)
204
+ return items;
205
+ cursor = response.next_cursor;
206
+ }
207
+ throw new Error(`${label} pagination did not terminate`);
208
+ }
153
209
  // Zones
154
210
  zones = {
155
- list: () => this.request('/v1/zones'),
211
+ list: () => this.listAll('/v1/zones', 'zones'),
156
212
  get: (id) => this.request(`/v1/zones/${id}`),
157
213
  dcrStatus: (id) => this.request(`/v1/zones/${id}/dcr-status`),
158
214
  create: (input) => this.request('/v1/zones', { method: 'POST', body: input }),
@@ -161,12 +217,16 @@ export class AdminClient {
161
217
  };
162
218
  // Applications
163
219
  applications = {
164
- list: (zoneId) => this.request(`/v1/zones/${zoneId}/applications`),
220
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/applications`, 'applications'),
165
221
  get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/applications/${id}`),
166
222
  create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/applications`, { method: 'POST', body: input }),
167
223
  patch: (zoneId, id, input) => this.request(`/v1/zones/${zoneId}/applications/${id}`, { method: 'PATCH', body: input }),
168
- // Rotates the credential server-side; the response carries the one-time plaintext secret.
224
+ // Rotates the credential server-side; the response carries the plaintext secret and
225
+ // the sealed custody copy in the Secret Store is replaced with it.
169
226
  rotateSecret: (zoneId, id) => this.request(`/v1/zones/${zoneId}/applications/${id}/rotate-secret`, { method: 'POST' }),
227
+ // Retrieves the client secret from Secret Store custody. Every call is recorded
228
+ // in the zone audit timeline as a credential reveal.
229
+ getClientSecret: (zoneId, id) => this.request(`/v1/zones/${zoneId}/applications/${id}/client-secret`),
170
230
  delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/applications/${id}`, { method: 'DELETE', expectEmpty: true }),
171
231
  // DCR (Dynamic Client Registration) is the sole programmatic path for minting
172
232
  // short-lived self-registering client identities. Caracal does not create DCR
@@ -177,7 +237,7 @@ export class AdminClient {
177
237
  };
178
238
  // Resources
179
239
  resources = {
180
- list: (zoneId) => this.request(`/v1/zones/${zoneId}/resources`),
240
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/resources`, 'resources'),
181
241
  get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/resources/${id}`),
182
242
  create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/resources`, {
183
243
  method: 'POST',
@@ -191,7 +251,7 @@ export class AdminClient {
191
251
  };
192
252
  // Providers
193
253
  providers = {
194
- list: (zoneId) => this.request(`/v1/zones/${zoneId}/providers`),
254
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/providers`, 'providers'),
195
255
  get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/providers/${id}`),
196
256
  create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/providers`, { method: 'POST', body: input }),
197
257
  patch: (zoneId, id, input) => this.request(`/v1/zones/${zoneId}/providers/${id}`, { method: 'PATCH', body: input }),
@@ -199,19 +259,19 @@ export class AdminClient {
199
259
  };
200
260
  // Policies (immutable Rego versions)
201
261
  policies = {
202
- list: (zoneId) => this.request(`/v1/zones/${zoneId}/policies`),
262
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/policies`, 'policies'),
203
263
  get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/policies/${id}`),
204
264
  create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/policies`, {
205
265
  method: 'POST',
206
266
  body: input,
207
267
  }),
208
- validate: (content, schemaVersion) => this.request('/v1/policies/validate', {
268
+ validate: (content) => this.request('/v1/policies/validate', {
209
269
  method: 'POST',
210
- body: { content, schema_version: schemaVersion },
270
+ body: { content },
211
271
  }),
212
- addVersion: (zoneId, id, content, schemaVersion) => this.request(`/v1/zones/${zoneId}/policies/${id}/versions`, {
272
+ addVersion: (zoneId, id, content) => this.request(`/v1/zones/${zoneId}/policies/${id}/versions`, {
213
273
  method: 'POST',
214
- body: { content, schema_version: schemaVersion ?? '2026-05-20' },
274
+ body: { content },
215
275
  }),
216
276
  delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/policies/${id}`, { method: 'DELETE', expectEmpty: true }),
217
277
  };
@@ -227,61 +287,114 @@ export class AdminClient {
227
287
  };
228
288
  // Policy sets
229
289
  policySets = {
230
- list: (zoneId) => this.request(`/v1/zones/${zoneId}/policy-sets`),
290
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/policy-sets`, 'policy sets'),
231
291
  get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}`),
232
292
  create: (zoneId, name, description) => this.request(`/v1/zones/${zoneId}/policy-sets`, {
233
293
  method: 'POST',
234
294
  body: { name, description },
235
295
  }),
236
- addVersion: (zoneId, id, manifest, schemaVersion) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/versions`, {
296
+ addVersion: (zoneId, id, manifest) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/versions`, {
237
297
  method: 'POST',
238
- body: { manifest, schema_version: schemaVersion },
298
+ body: { manifest },
239
299
  }),
300
+ listVersions: (zoneId, id) => this.listAll(`/v1/zones/${zoneId}/policy-sets/${id}/versions`, 'policy set versions'),
240
301
  simulate: (zoneId, id, versionId, input) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/simulate`, {
241
302
  method: 'POST',
242
303
  body: { version_id: versionId, input },
243
304
  }),
244
- activate: (zoneId, id, versionId, shadowVersionId) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/activate`, { method: 'POST', body: { version_id: versionId, shadow_version_id: shadowVersionId } }),
305
+ activate: (zoneId, id, versionId) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/activate`, { method: 'POST', body: { version_id: versionId } }),
306
+ activationStatus: (zoneId, id, versionId, outboxId) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}/activation-status`, {
307
+ query: {
308
+ ...(versionId ? { version_id: versionId } : {}),
309
+ ...(outboxId ? { outbox_id: outboxId } : {}),
310
+ },
311
+ }),
245
312
  delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/policy-sets/${id}`, { method: 'DELETE', expectEmpty: true }),
246
313
  };
247
314
  // Grants
248
315
  grants = {
249
- list: (zoneId, query) => this.request(`/v1/zones/${zoneId}/grants`, { query: grantListQuery(query) }),
316
+ list: (zoneId, query) => this.listAll(`/v1/zones/${zoneId}/grants`, 'grants', grantListQuery(query)),
250
317
  get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/grants/${id}`),
251
318
  create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/grants`, { method: 'POST', body: input }),
252
319
  revoke: (zoneId, id) => this.request(`/v1/zones/${zoneId}/grants/${id}`, { method: 'DELETE', expectEmpty: true }),
253
320
  };
254
- providerGrants = {
255
- create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-grants`, { method: 'POST', body: input }),
256
- authorizeOAuth: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-grants/oauth/authorize`, { method: 'POST', body: input }),
257
- revoke: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-grants/revoke`, { method: 'POST', body: input }),
321
+ subjectIssuers = {
322
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/subject-issuers`, 'subject issuers'),
323
+ get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/subject-issuers/${id}`),
324
+ create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/subject-issuers`, { method: 'POST', body: input }),
325
+ patch: (zoneId, id, input) => this.request(`/v1/zones/${zoneId}/subject-issuers/${id}`, { method: 'PATCH', body: input }),
326
+ delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/subject-issuers/${id}`, { method: 'DELETE', expectEmpty: true }),
258
327
  };
259
- // Sessions (read; revocation is a side effect of grant.revoke or agent.terminate)
260
- sessions = {
328
+ providerConnections = {
329
+ create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-connections`, { method: 'POST', body: input }),
330
+ authorizeOAuth: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-connections/oauth/authorize`, {
331
+ method: 'POST',
332
+ body: input,
333
+ }),
334
+ revoke: (zoneId, input) => this.request(`/v1/zones/${zoneId}/provider-connections/revoke`, { method: 'POST', body: input }),
335
+ };
336
+ // Workloads (launcher identities and their credential bindings for caracal run)
337
+ workloads = {
338
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/workloads`, 'workloads'),
339
+ get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/workloads/${id}`),
340
+ // The response carries the plaintext workload secret; a sealed custody copy stays
341
+ // retrievable through getSecret.
342
+ create: (zoneId, input) => this.request(`/v1/zones/${zoneId}/workloads`, { method: 'POST', body: input }),
343
+ update: (zoneId, id, input) => this.request(`/v1/zones/${zoneId}/workloads/${id}`, { method: 'PUT', body: input }),
344
+ // Rotates the credential server-side; the response carries the plaintext secret and
345
+ // the sealed custody copy in the Secret Store is replaced with it.
346
+ rotateSecret: (zoneId, id) => this.request(`/v1/zones/${zoneId}/workloads/${id}/rotate-secret`, { method: 'POST' }),
347
+ // Retrieves the workload secret from Secret Store custody. Every call is recorded
348
+ // in the zone audit timeline as a credential reveal.
349
+ getSecret: (zoneId, id) => this.request(`/v1/zones/${zoneId}/workloads/${id}/secret`),
350
+ delete: (zoneId, id) => this.request(`/v1/zones/${zoneId}/workloads/${id}`, { method: 'DELETE', expectEmpty: true }),
351
+ };
352
+ // Authority records issued by STS. Revocation is performed through the owning authority operation.
353
+ authorityRecords = {
261
354
  list: async (zoneId, query) => {
262
- const response = await this.request(`/v1/zones/${zoneId}/sessions`, { query: { ...query } });
263
- if (!Array.isArray(response.rows))
264
- throw new Error('sessions response missing rows');
265
- return response.rows;
355
+ const response = await this.request(`/v1/zones/${zoneId}/authority-records`, { query: { ...query } });
356
+ if (!Array.isArray(response.items))
357
+ throw new Error('authority-records response missing items');
358
+ return response.items;
266
359
  },
267
360
  };
268
- // Agent sessions (read; status filtering for active/suspended/terminated). CSV export is
269
- // available directly from the API endpoint with format=csv.
270
- agentSessions = {
361
+ // Subjects: the kill switch. One call cuts every authority path a subject
362
+ // holds - session records, governed sessions riding them, delegations, and
363
+ // provider connections - and feeds the revocation stream so in-flight
364
+ // mandates die before their exp. Idempotent.
365
+ subjects = {
366
+ revoke: (zoneId, input) => this.request(`/v1/zones/${zoneId}/subjects/revoke`, { method: 'POST', body: input }),
367
+ };
368
+ // Governed sessions. Reads use the Admin API; lifecycle operations map to Coordinator wire routes.
369
+ sessions = {
271
370
  list: async (zoneId, query) => {
272
- const response = await this.request(`/v1/zones/${zoneId}/agent-sessions`, { query: { ...query } });
273
- if (!Array.isArray(response.rows))
274
- throw new Error('agent-sessions response missing rows');
275
- return response.rows;
371
+ const response = await this.request(`/v1/zones/${zoneId}/sessions`, { query: { ...query } });
372
+ if (!Array.isArray(response.items))
373
+ throw new Error('sessions response missing items');
374
+ return response.items;
375
+ },
376
+ get: async (zoneId, sessionId) => mapSession(await this.request(`/zones/${zoneId}/agents/${sessionId}`, { base: 'coordinator' })),
377
+ children: async (zoneId, sessionId, query) => {
378
+ const response = await this.request(`/zones/${zoneId}/agents/${sessionId}/children`, {
379
+ base: 'coordinator',
380
+ query: { ...query },
381
+ });
382
+ if (!Array.isArray(response.items))
383
+ throw new Error('session children response missing items');
384
+ return response.items.map(mapSession);
276
385
  },
386
+ suspend: (zoneId, sessionId) => this.request(`/zones/${zoneId}/agents/${sessionId}/suspend`, { method: 'PATCH', base: 'coordinator' }),
387
+ resume: (zoneId, sessionId) => this.request(`/zones/${zoneId}/agents/${sessionId}/resume`, { method: 'PATCH', base: 'coordinator' }),
388
+ terminate: (zoneId, sessionId) => this.request(`/zones/${zoneId}/agents/${sessionId}`, { method: 'DELETE', base: 'coordinator', expectEmpty: true }),
389
+ effectiveAuthority: async (zoneId, sessionId) => mapEffectiveAuthority(await this.request(`/zones/${zoneId}/agents/${sessionId}/effective-authority`, { base: 'coordinator' })),
277
390
  };
278
391
  // Audit
279
392
  audit = {
280
393
  list: async (zoneId, query) => {
281
394
  const response = await this.request(`/v1/zones/${zoneId}/audit`, { query: { ...query } });
282
- if (!Array.isArray(response.rows))
283
- throw new Error('audit response missing rows');
284
- return response.rows;
395
+ if (!Array.isArray(response.items))
396
+ throw new Error('audit response missing items');
397
+ return response.items;
285
398
  },
286
399
  byRequest: (zoneId, requestId) => this.request(`/v1/zones/${zoneId}/audit/by-request/${requestId}`),
287
400
  explain: (zoneId, requestId) => this.request(`/v1/zones/${zoneId}/audit/by-request/${requestId}/explain`),
@@ -289,50 +402,39 @@ export class AdminClient {
289
402
  adminAudit = {
290
403
  list: async (zoneId, query) => {
291
404
  const response = await this.request(`/v1/zones/${zoneId}/admin-audit`, { query: { ...query } });
292
- if (!Array.isArray(response.rows))
293
- throw new Error('admin audit response missing rows');
294
- return response.rows;
405
+ if (!Array.isArray(response.items))
406
+ throw new Error('admin audit response missing items');
407
+ return response.items;
295
408
  },
296
409
  };
297
410
  stepUpChallenges = {
298
- list: (zoneId) => this.request(`/v1/zones/${zoneId}/step-up-challenges`),
411
+ list: (zoneId) => this.listAll(`/v1/zones/${zoneId}/step-up-challenges`, 'step-up challenges'),
299
412
  get: (zoneId, id) => this.request(`/v1/zones/${zoneId}/step-up-challenges/${id}`),
300
- satisfy: (zoneId, id) => this.request(`/v1/zones/${zoneId}/step-up-challenges/${id}/satisfy`, { method: 'POST', body: {} }),
413
+ approve: (zoneId, id, reason) => this.request(`/v1/zones/${zoneId}/step-up-challenges/${id}/approve`, {
414
+ method: 'POST',
415
+ body: reason ? { reason } : {},
416
+ }),
417
+ reject: (zoneId, id, reason) => this.request(`/v1/zones/${zoneId}/step-up-challenges/${id}/reject`, {
418
+ method: 'POST',
419
+ body: reason ? { reason } : {},
420
+ }),
301
421
  };
302
- // Agents (coordinator)
303
- agents = {
304
- list: async (zoneId, query) => {
305
- const response = await this.request(`/zones/${zoneId}/agents`, { base: 'coordinator', query: { ...query } });
306
- if (!Array.isArray(response.items))
307
- throw new Error('agents response missing items');
308
- return response.items;
309
- },
310
- get: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}`, { base: 'coordinator' }),
311
- children: async (zoneId, id, query) => {
312
- const response = await this.request(`/zones/${zoneId}/agents/${id}/children`, {
422
+ // Delegations (coordinator)
423
+ delegations = {
424
+ active: async (zoneId) => {
425
+ const response = await this.request(`/zones/${zoneId}/delegations/active`, {
313
426
  base: 'coordinator',
314
- query: { ...query },
315
427
  });
316
- if (!Array.isArray(response.items))
317
- throw new Error('agent children response missing items');
318
- return response.items;
428
+ return { ...response, items: response.items.map(mapDelegation) };
429
+ },
430
+ inbound: async (zoneId, sessionId) => (await this.request(`/zones/${zoneId}/delegations/inbound/${sessionId}`, { base: 'coordinator' })).map(mapDelegation),
431
+ outbound: async (zoneId, sessionId) => (await this.request(`/zones/${zoneId}/delegations/outbound/${sessionId}`, { base: 'coordinator' })).map(mapDelegation),
432
+ traverse: async (zoneId, delegationId) => (await this.request(`/zones/${zoneId}/delegations/${delegationId}/traverse`, { base: 'coordinator' })).map(mapDelegationTraversal),
433
+ impact: async (zoneId, delegationId) => mapDelegationImpact(await this.request(`/zones/${zoneId}/delegations/${delegationId}/impact`, { base: 'coordinator' })),
434
+ revoke: async (zoneId, delegationId) => {
435
+ const response = await this.request(`/zones/${zoneId}/delegations/${delegationId}/revoke`, { method: 'PATCH', base: 'coordinator' });
436
+ return { revoked_delegations: response.revoked_edges, affected_sessions: response.affected_sessions };
319
437
  },
320
- suspend: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}/suspend`, { method: 'PATCH', base: 'coordinator' }),
321
- resume: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}/resume`, { method: 'PATCH', base: 'coordinator' }),
322
- terminate: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}`, { method: 'DELETE', base: 'coordinator', expectEmpty: true }),
323
- effectiveAuthority: (zoneId, id) => this.request(`/zones/${zoneId}/agents/${id}/effective-authority`, { base: 'coordinator' }),
324
- };
325
- // Delegations (coordinator)
326
- delegations = {
327
- active: (zoneId) => this.request(`/zones/${zoneId}/delegations/active`, { base: 'coordinator' }),
328
- inbound: (zoneId, sessionId) => this.request(`/zones/${zoneId}/delegations/inbound/${sessionId}`, { base: 'coordinator' }),
329
- outbound: (zoneId, sessionId) => this.request(`/zones/${zoneId}/delegations/outbound/${sessionId}`, { base: 'coordinator' }),
330
- traverse: (zoneId, id) => this.request(`/zones/${zoneId}/delegations/${id}/traverse`, { base: 'coordinator' }),
331
- impact: (zoneId, id) => this.request(`/zones/${zoneId}/delegations/${id}/impact`, { base: 'coordinator' }),
332
- revoke: (zoneId, id) => this.request(`/zones/${zoneId}/delegations/${id}/revoke`, {
333
- method: 'PATCH',
334
- base: 'coordinator',
335
- }),
336
438
  };
337
439
  }
338
440
  //# sourceMappingURL=client.js.map