@datatechsolutions/ui 3.5.0 → 3.5.1

package/dist/platform/rbac.d.mts

@@ -0,0 +1,42 @@
+import { A as AuthUser } from '../index-BoebbJ44.mjs';
+import 'react';
+
+/**
+ * Generic role-based access factory shared across platform apps (astrlabe,
+ * kori-erp, etc). Each app instantiates this with its own role + permission
+ * unions and seed-claim mapping. The factory closes over the config and
+ * exports `ROLE_DEFINITIONS`, `MODULE_PERMISSIONS`, `normalizePlatformRole`,
+ * and `can()` — the same surface the per-app file used to expose.
+ *
+ * The factory deliberately does not hardcode any specific role enum here —
+ * astrlabe, kori-erp, and future apps each pick their own union (admin,
+ * manager, analyst, viewer, …) and pass the role definitions in.
+ */
+type PlatformRoleDefinition<TRole extends string> = {
+    id: TRole;
+    label: string;
+    description: string;
+};
+type CreatePlatformRbacOptions<TRole extends string, TPermission extends string> = {
+    /** Definitions for every role the app supports (id/label/description). */
+    roles: Record<TRole, PlatformRoleDefinition<TRole>>;
+    /**
+     * Maps each app-level permission to one or more JWT permission claim
+     * strings. `can()` returns true when ANY of the listed claims (using
+     * wildcard matching) is present in the user's JWT permissions.
+     */
+    permissionClaimsMap: Record<TPermission, readonly string[]>;
+    /** Optional map from navigation/module IDs to required permissions. */
+    modulePermissions?: Record<string, TPermission>;
+    /** Role to fall back to when an unknown role string comes in. */
+    defaultRole?: TRole;
+};
+type PlatformRbac<TRole extends string, TPermission extends string> = {
+    ROLE_DEFINITIONS: Record<TRole, PlatformRoleDefinition<TRole>>;
+    MODULE_PERMISSIONS: Record<string, TPermission>;
+    normalizePlatformRole: (input: unknown) => TRole;
+    can: (user: AuthUser | null, permission: TPermission) => boolean;
+};
+declare function createPlatformRbac<TRole extends string, TPermission extends string>(opts: CreatePlatformRbacOptions<TRole, TPermission>): PlatformRbac<TRole, TPermission>;
+
+export { type CreatePlatformRbacOptions, type PlatformRbac, type PlatformRoleDefinition, createPlatformRbac };

package/dist/platform/rbac.d.ts

@@ -0,0 +1,42 @@
+import { A as AuthUser } from '../index-BoebbJ44.js';
+import 'react';
+
+/**
+ * Generic role-based access factory shared across platform apps (astrlabe,
+ * kori-erp, etc). Each app instantiates this with its own role + permission
+ * unions and seed-claim mapping. The factory closes over the config and
+ * exports `ROLE_DEFINITIONS`, `MODULE_PERMISSIONS`, `normalizePlatformRole`,
+ * and `can()` — the same surface the per-app file used to expose.
+ *
+ * The factory deliberately does not hardcode any specific role enum here —
+ * astrlabe, kori-erp, and future apps each pick their own union (admin,
+ * manager, analyst, viewer, …) and pass the role definitions in.
+ */
+type PlatformRoleDefinition<TRole extends string> = {
+    id: TRole;
+    label: string;
+    description: string;
+};
+type CreatePlatformRbacOptions<TRole extends string, TPermission extends string> = {
+    /** Definitions for every role the app supports (id/label/description). */
+    roles: Record<TRole, PlatformRoleDefinition<TRole>>;
+    /**
+     * Maps each app-level permission to one or more JWT permission claim
+     * strings. `can()` returns true when ANY of the listed claims (using
+     * wildcard matching) is present in the user's JWT permissions.
+     */
+    permissionClaimsMap: Record<TPermission, readonly string[]>;
+    /** Optional map from navigation/module IDs to required permissions. */
+    modulePermissions?: Record<string, TPermission>;
+    /** Role to fall back to when an unknown role string comes in. */
+    defaultRole?: TRole;
+};
+type PlatformRbac<TRole extends string, TPermission extends string> = {
+    ROLE_DEFINITIONS: Record<TRole, PlatformRoleDefinition<TRole>>;
+    MODULE_PERMISSIONS: Record<string, TPermission>;
+    normalizePlatformRole: (input: unknown) => TRole;
+    can: (user: AuthUser | null, permission: TPermission) => boolean;
+};
+declare function createPlatformRbac<TRole extends string, TPermission extends string>(opts: CreatePlatformRbacOptions<TRole, TPermission>): PlatformRbac<TRole, TPermission>;
+
+export { type CreatePlatformRbacOptions, type PlatformRbac, type PlatformRoleDefinition, createPlatformRbac };

package/dist/platform/settings/index.d.mts

@@ -0,0 +1,31 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { AdminClient } from '@datatechsolutions/shared-domain';
+import { a as BillingPanelProps } from '../../billing-panel-DsHhhJqG.mjs';
+
+type PlatformSettingsSection = 'account' | 'organization' | 'billing';
+interface PlatformSettingsProps {
+    /**
+     * Sections to surface to the current user. The host app is responsible for
+     * picking the right set based on RBAC — e.g. hide `organization` for users
+     * without `org:manage` and hide `billing` for users without `billing:read`.
+     * Defaults to all three.
+     */
+    sections?: PlatformSettingsSection[];
+    /** Starting section. Defaults to the first item in `sections`. */
+    defaultSection?: PlatformSettingsSection;
+    /**
+     * Windsock admin API client. Required when `organization` is in `sections`.
+     * Create it once with `createAdminClient({ issuer, authClient })` and reuse.
+     */
+    adminClient?: AdminClient;
+    /**
+     * Current organization id (usually `ctx.organizationId` from the JWT).
+     * Required when `organization` is in `sections`.
+     */
+    organizationId?: string;
+    /** Forwarded to `<BillingPanel>` — e.g. redirect handler, billing interval. */
+    billing?: BillingPanelProps;
+}
+declare function PlatformSettings({ sections, defaultSection, adminClient, organizationId, billing, }: PlatformSettingsProps): react_jsx_runtime.JSX.Element | null;
+
+export { PlatformSettings, type PlatformSettingsProps, type PlatformSettingsSection };

package/dist/platform/settings/index.d.ts

@@ -0,0 +1,31 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { AdminClient } from '@datatechsolutions/shared-domain';
+import { a as BillingPanelProps } from '../../billing-panel-DsHhhJqG.js';
+
+type PlatformSettingsSection = 'account' | 'organization' | 'billing';
+interface PlatformSettingsProps {
+    /**
+     * Sections to surface to the current user. The host app is responsible for
+     * picking the right set based on RBAC — e.g. hide `organization` for users
+     * without `org:manage` and hide `billing` for users without `billing:read`.
+     * Defaults to all three.
+     */
+    sections?: PlatformSettingsSection[];
+    /** Starting section. Defaults to the first item in `sections`. */
+    defaultSection?: PlatformSettingsSection;
+    /**
+     * Windsock admin API client. Required when `organization` is in `sections`.
+     * Create it once with `createAdminClient({ issuer, authClient })` and reuse.
+     */
+    adminClient?: AdminClient;
+    /**
+     * Current organization id (usually `ctx.organizationId` from the JWT).
+     * Required when `organization` is in `sections`.
+     */
+    organizationId?: string;
+    /** Forwarded to `<BillingPanel>` — e.g. redirect handler, billing interval. */
+    billing?: BillingPanelProps;
+}
+declare function PlatformSettings({ sections, defaultSection, adminClient, organizationId, billing, }: PlatformSettingsProps): react_jsx_runtime.JSX.Element | null;
+
+export { PlatformSettings, type PlatformSettingsProps, type PlatformSettingsSection };

package/dist/platform/settings/index.js

@@ -1,23 +1,23 @@
 "use client";
 'use strict';
 
-var chunkC4NRF2G2_js = require('../../chunk-C4NRF2G2.js');
-require('../../chunk-P43PX75J.js');
-require('../../chunk-NCDBNGIB.js');
-require('../../chunk-CY2MBKVG.js');
-require('../../chunk-NKXQYFS7.js');
-require('../../chunk-AWDH6WNA.js');
+var chunkOWJIKCR2_js = require('../../chunk-OWJIKCR2.js');
+require('../../chunk-HVDDCBQ2.js');
+require('../../chunk-5AVO5DJO.js');
+require('../../chunk-2UMDWOUY.js');
+require('../../chunk-EI6FIA45.js');
+require('../../chunk-K4M4B6ME.js');
 require('../../chunk-UZ3CMNUJ.js');
+require('../../chunk-YXN2K77G.js');
 require('../../chunk-S7KHTUHA.js');
 require('../../chunk-SY4MUT5V.js');
 require('../../chunk-2OZZH2IO.js');
-require('../../chunk-YXN2K77G.js');
 
 
 
 Object.defineProperty(exports, "PlatformSettings", {
   enumerable: true,
-  get: function () { return chunkC4NRF2G2_js.PlatformSettings; }
+  get: function () { return chunkOWJIKCR2_js.PlatformSettings; }
 });
 //# sourceMappingURL=index.js.map
 //# sourceMappingURL=index.js.map

package/dist/platform/settings/index.mjs

@@ -1,14 +1,14 @@
 "use client";
-export { PlatformSettings } from '../../chunk-7UHV6A4C.mjs';
-import '../../chunk-7CEZB3ZD.mjs';
-import '../../chunk-QPSHM2JQ.mjs';
-import '../../chunk-6W7VTZG6.mjs';
-import '../../chunk-ZM2Q2SMC.mjs';
-import '../../chunk-NOHHZ6FM.mjs';
+export { PlatformSettings } from '../../chunk-R6O57NTJ.mjs';
+import '../../chunk-ULEPJXTN.mjs';
+import '../../chunk-7OZ4MVEF.mjs';
+import '../../chunk-YV2SE5LS.mjs';
+import '../../chunk-L5O4NWQO.mjs';
+import '../../chunk-EUXHJMGC.mjs';
 import '../../chunk-D2JF6C3E.mjs';
+import '../../chunk-7VJ7CMMT.mjs';
 import '../../chunk-QWG2FMUN.mjs';
 import '../../chunk-RHRJXK5R.mjs';
 import '../../chunk-3AY5HIQ6.mjs';
-import '../../chunk-7VJ7CMMT.mjs';
 //# sourceMappingURL=index.mjs.map
 //# sourceMappingURL=index.mjs.map

package/dist/platform/telemetry/index.d.mts

@@ -0,0 +1,51 @@
+import * as posthog_js from 'posthog-js';
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { ReactNode } from 'react';
+
+type TelemetryUser = {
+    /** Stable user id — typically the windsock JWT `sub`. */
+    id: string;
+    email?: string;
+    name?: string;
+    role?: string;
+    /** Tenant id — from `https://datatechsolutions.com.br/organization_id` claim. */
+    organizationId?: string;
+};
+type TelemetryProviderProps = {
+    /** App slug — e.g. `astrlabe`, `sextant`, `data-br`. Tags every event. */
+    app: string;
+    /**
+     * PostHog project token (write-only key, safe in browser bundles).
+     * If unset, the provider falls back to `window.__APP_CONFIG__.posthog.key`
+     * (set by the CDK-managed `runtime-config.js`) and then to
+     * `import.meta.env.VITE_POSTHOG_KEY`. Pass explicitly only for tests
+     * or sub-app embeds.
+     */
+    projectKey?: string;
+    /**
+     * PostHog ingestion host. Falls back through the same chain as
+     * `projectKey`; defaults to US Cloud if nothing else resolves.
+     */
+    apiHost?: string;
+    /** Whether to record session replays. Defaults to true. */
+    recordSessions?: boolean;
+    /** Current authenticated user, if any. The provider re-identifies on change. */
+    user?: TelemetryUser | null;
+    children: ReactNode;
+};
+/**
+ * Wrap every SPA in this provider. Pass the windsock-resolved user so
+ * PostHog associates events with the right tenant; pass `null` after
+ * sign-out so the next session is anonymous.
+ */
+declare function TelemetryProvider({ app, projectKey: propProjectKey, apiHost: propApiHost, recordSessions, user, children, }: TelemetryProviderProps): react_jsx_runtime.JSX.Element;
+/**
+ * Re-export the posthog-js/react hook so consumer SPAs can capture
+ * custom events without importing posthog-js directly:
+ *
+ *     const ph = useTelemetry()
+ *     ph?.capture('workflow_run_started', { workflowId })
+ */
+declare const useTelemetry: () => posthog_js.PostHog;
+
+export { TelemetryProvider, type TelemetryProviderProps, type TelemetryUser, useTelemetry };

package/dist/platform/telemetry/index.d.ts

@@ -0,0 +1,51 @@
+import * as posthog_js from 'posthog-js';
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { ReactNode } from 'react';
+
+type TelemetryUser = {
+    /** Stable user id — typically the windsock JWT `sub`. */
+    id: string;
+    email?: string;
+    name?: string;
+    role?: string;
+    /** Tenant id — from `https://datatechsolutions.com.br/organization_id` claim. */
+    organizationId?: string;
+};
+type TelemetryProviderProps = {
+    /** App slug — e.g. `astrlabe`, `sextant`, `data-br`. Tags every event. */
+    app: string;
+    /**
+     * PostHog project token (write-only key, safe in browser bundles).
+     * If unset, the provider falls back to `window.__APP_CONFIG__.posthog.key`
+     * (set by the CDK-managed `runtime-config.js`) and then to
+     * `import.meta.env.VITE_POSTHOG_KEY`. Pass explicitly only for tests
+     * or sub-app embeds.
+     */
+    projectKey?: string;
+    /**
+     * PostHog ingestion host. Falls back through the same chain as
+     * `projectKey`; defaults to US Cloud if nothing else resolves.
+     */
+    apiHost?: string;
+    /** Whether to record session replays. Defaults to true. */
+    recordSessions?: boolean;
+    /** Current authenticated user, if any. The provider re-identifies on change. */
+    user?: TelemetryUser | null;
+    children: ReactNode;
+};
+/**
+ * Wrap every SPA in this provider. Pass the windsock-resolved user so
+ * PostHog associates events with the right tenant; pass `null` after
+ * sign-out so the next session is anonymous.
+ */
+declare function TelemetryProvider({ app, projectKey: propProjectKey, apiHost: propApiHost, recordSessions, user, children, }: TelemetryProviderProps): react_jsx_runtime.JSX.Element;
+/**
+ * Re-export the posthog-js/react hook so consumer SPAs can capture
+ * custom events without importing posthog-js directly:
+ *
+ *     const ph = useTelemetry()
+ *     ph?.capture('workflow_run_started', { workflowId })
+ */
+declare const useTelemetry: () => posthog_js.PostHog;
+
+export { TelemetryProvider, type TelemetryProviderProps, type TelemetryUser, useTelemetry };

package/dist/platform/utils/index.d.mts

@@ -0,0 +1,32 @@
+import { WorkflowGraph } from '@datatechsolutions/shared-domain/ports/workflow';
+import { WorkflowGraph as WorkflowGraph$1 } from '../../astrlabe/contracts.mjs';
+
+/** Formats a millisecond count as a short, human-readable duration string. */
+declare function formatDurationMs(ms: number | null | undefined): string;
+
+/**
+ * Parses a JSON string into a typed value, returning undefined (not throwing)
+ * on empty input or malformed JSON. Used by form builders where the user types
+ * JSON into a textarea and we want to surface a friendly "couldn't parse" state
+ * rather than crashing the submit handler.
+ */
+declare function tryParseJson<T = unknown>(value: FormDataEntryValue | string | null | undefined): T | undefined;
+/** Parses JSON into an object record. Returns undefined if the result is not a plain object. */
+declare function tryParseJsonObject(value: FormDataEntryValue | string | null | undefined): Record<string, unknown> | undefined;
+/** Parses JSON into an array of records. Returns undefined if not a plain array. */
+declare function tryParseJsonArray(value: FormDataEntryValue | string | null | undefined): Array<Record<string, unknown>> | undefined;
+
+type ToolCategory = 'search' | 'code' | 'file' | 'web' | 'math' | 'custom';
+declare const TOOL_CATEGORY_VALUES: readonly ToolCategory[];
+/** Narrows a form value to a ToolCategory, returning undefined if not one of the known values. */
+declare function parseToolCategory(value: FormDataEntryValue | null | undefined): ToolCategory | undefined;
+
+declare function adaptWorkflowGraphToUi(graph: WorkflowGraph): WorkflowGraph$1;
+
+declare function getLambdaApiBase(): string;
+declare function buildLambdaApiUrl(path: string): string;
+
+declare function getAuthAppUrl(): string;
+declare function buildHostedAuthUrl(path: string, search?: string): string;
+
+export { TOOL_CATEGORY_VALUES, type ToolCategory, adaptWorkflowGraphToUi, buildHostedAuthUrl, buildLambdaApiUrl, formatDurationMs, getAuthAppUrl, getLambdaApiBase, parseToolCategory, tryParseJson, tryParseJsonArray, tryParseJsonObject };

package/dist/platform/utils/index.d.ts

@@ -0,0 +1,32 @@
+import { WorkflowGraph } from '@datatechsolutions/shared-domain/ports/workflow';
+import { WorkflowGraph as WorkflowGraph$1 } from '../../astrlabe/contracts.js';
+
+/** Formats a millisecond count as a short, human-readable duration string. */
+declare function formatDurationMs(ms: number | null | undefined): string;
+
+/**
+ * Parses a JSON string into a typed value, returning undefined (not throwing)
+ * on empty input or malformed JSON. Used by form builders where the user types
+ * JSON into a textarea and we want to surface a friendly "couldn't parse" state
+ * rather than crashing the submit handler.
+ */
+declare function tryParseJson<T = unknown>(value: FormDataEntryValue | string | null | undefined): T | undefined;
+/** Parses JSON into an object record. Returns undefined if the result is not a plain object. */
+declare function tryParseJsonObject(value: FormDataEntryValue | string | null | undefined): Record<string, unknown> | undefined;
+/** Parses JSON into an array of records. Returns undefined if not a plain array. */
+declare function tryParseJsonArray(value: FormDataEntryValue | string | null | undefined): Array<Record<string, unknown>> | undefined;
+
+type ToolCategory = 'search' | 'code' | 'file' | 'web' | 'math' | 'custom';
+declare const TOOL_CATEGORY_VALUES: readonly ToolCategory[];
+/** Narrows a form value to a ToolCategory, returning undefined if not one of the known values. */
+declare function parseToolCategory(value: FormDataEntryValue | null | undefined): ToolCategory | undefined;
+
+declare function adaptWorkflowGraphToUi(graph: WorkflowGraph): WorkflowGraph$1;
+
+declare function getLambdaApiBase(): string;
+declare function buildLambdaApiUrl(path: string): string;
+
+declare function getAuthAppUrl(): string;
+declare function buildHostedAuthUrl(path: string, search?: string): string;
+
+export { TOOL_CATEGORY_VALUES, type ToolCategory, adaptWorkflowGraphToUi, buildHostedAuthUrl, buildLambdaApiUrl, formatDurationMs, getAuthAppUrl, getLambdaApiBase, parseToolCategory, tryParseJson, tryParseJsonArray, tryParseJsonObject };

package/dist/platform/windsock-admin-client.d.mts

@@ -0,0 +1,57 @@
+import { AuthOrganizationDomain, AuthOrganizationRole, AdminCreateOrganizationInput, AuthOrganization, AdminCreateInvitationInput, AdminCreatePermissionInput, AdminPermission, AdminCreateUserInput, AdminUserSummary, AuthOrganizationInvitation, AdminOrganizationMember, AdminListParams, AdminListResult, AdminClient, AdminUpdateOrganizationInput, AdminUpdatePermissionInput, AdminUpdateUserInput } from '@datatechsolutions/shared-domain';
+
+declare function setWindsockAdminClient(client: AdminClient, issuer: string, authFetch: typeof fetch): void;
+declare function listUsers(params?: AdminListParams): Promise<AdminListResult<AdminUserSummary>>;
+declare function createUser(data: AdminCreateUserInput): Promise<AdminUserSummary>;
+declare function updateUser(userId: string, data: AdminUpdateUserInput): Promise<void>;
+declare function deleteUser(userId: string): Promise<void>;
+declare function resetUserPassword(userId: string, password: string): Promise<void>;
+declare function listOrganizations(): Promise<AuthOrganization[]>;
+declare function createOrganization(data: AdminCreateOrganizationInput): Promise<AuthOrganization>;
+declare function updateOrganization(organizationId: string, data: AdminUpdateOrganizationInput): Promise<AuthOrganization>;
+declare function deleteOrganization(organizationId: string): Promise<void>;
+declare function listOrganizationMembers(organizationId: string): Promise<AdminOrganizationMember[]>;
+declare function addOrganizationMember(organizationId: string, userId: string, role?: AuthOrganizationRole): Promise<void>;
+declare function removeOrganizationMember(organizationId: string, userId: string): Promise<void>;
+declare function listOrganizationInvitations(organizationId: string): Promise<AuthOrganizationInvitation[]>;
+declare function createOrganizationInvitation(organizationId: string, data: AdminCreateInvitationInput): Promise<void>;
+declare function listOrganizationDomains(organizationId: string): Promise<AuthOrganizationDomain[]>;
+declare function addOrganizationDomain(organizationId: string, domain: string): Promise<AuthOrganizationDomain>;
+declare function verifyOrganizationDomain(organizationId: string, domain: string): Promise<void>;
+declare function listPermissions(): Promise<AdminPermission[]>;
+declare function createPermission(data: AdminCreatePermissionInput): Promise<AdminPermission>;
+declare function updatePermission(permissionId: string, data: AdminUpdatePermissionInput): Promise<void>;
+declare function deletePermission(permissionId: string): Promise<void>;
+declare function getUserPermissions(userId: string): Promise<AdminPermission[]>;
+declare function setUserPermissions(userId: string, permissionIds: string[]): Promise<void>;
+type SecretSummary = {
+    secretId: string;
+    name: string;
+    secretType: string;
+    description: string | null;
+    expiresAt: string | null;
+    createdAt: string;
+    updatedAt: string;
+    disabled: boolean;
+};
+type SecretDetail = SecretSummary & {
+    value?: string;
+};
+type CreateSecretInput = {
+    name: string;
+    value: string;
+    secretType?: string;
+    description?: string;
+    leaseTtlSeconds?: number;
+};
+type UpdateSecretInput = {
+    value: string;
+    leaseTtlSeconds?: number;
+};
+declare function listSecrets(organizationId: string): Promise<SecretSummary[]>;
+declare function getSecret(organizationId: string, secretId: string): Promise<SecretDetail>;
+declare function createSecret(organizationId: string, input: CreateSecretInput): Promise<SecretSummary>;
+declare function rotateSecret(organizationId: string, secretId: string, input: UpdateSecretInput): Promise<SecretSummary>;
+declare function disableSecret(organizationId: string, secretId: string): Promise<void>;
+
+export { type CreateSecretInput, type SecretDetail, type SecretSummary, type UpdateSecretInput, addOrganizationDomain, addOrganizationMember, createOrganization, createOrganizationInvitation, createPermission, createSecret, createUser, deleteOrganization, deletePermission, deleteUser, disableSecret, getSecret, getUserPermissions, listOrganizationDomains, listOrganizationInvitations, listOrganizationMembers, listOrganizations, listPermissions, listSecrets, listUsers, removeOrganizationMember, resetUserPassword, rotateSecret, setUserPermissions, setWindsockAdminClient, updateOrganization, updatePermission, updateUser, verifyOrganizationDomain };

package/dist/platform/windsock-admin-client.d.ts

@@ -0,0 +1,57 @@
+import { AuthOrganizationDomain, AuthOrganizationRole, AdminCreateOrganizationInput, AuthOrganization, AdminCreateInvitationInput, AdminCreatePermissionInput, AdminPermission, AdminCreateUserInput, AdminUserSummary, AuthOrganizationInvitation, AdminOrganizationMember, AdminListParams, AdminListResult, AdminClient, AdminUpdateOrganizationInput, AdminUpdatePermissionInput, AdminUpdateUserInput } from '@datatechsolutions/shared-domain';
+
+declare function setWindsockAdminClient(client: AdminClient, issuer: string, authFetch: typeof fetch): void;
+declare function listUsers(params?: AdminListParams): Promise<AdminListResult<AdminUserSummary>>;
+declare function createUser(data: AdminCreateUserInput): Promise<AdminUserSummary>;
+declare function updateUser(userId: string, data: AdminUpdateUserInput): Promise<void>;
+declare function deleteUser(userId: string): Promise<void>;
+declare function resetUserPassword(userId: string, password: string): Promise<void>;
+declare function listOrganizations(): Promise<AuthOrganization[]>;
+declare function createOrganization(data: AdminCreateOrganizationInput): Promise<AuthOrganization>;
+declare function updateOrganization(organizationId: string, data: AdminUpdateOrganizationInput): Promise<AuthOrganization>;
+declare function deleteOrganization(organizationId: string): Promise<void>;
+declare function listOrganizationMembers(organizationId: string): Promise<AdminOrganizationMember[]>;
+declare function addOrganizationMember(organizationId: string, userId: string, role?: AuthOrganizationRole): Promise<void>;
+declare function removeOrganizationMember(organizationId: string, userId: string): Promise<void>;
+declare function listOrganizationInvitations(organizationId: string): Promise<AuthOrganizationInvitation[]>;
+declare function createOrganizationInvitation(organizationId: string, data: AdminCreateInvitationInput): Promise<void>;
+declare function listOrganizationDomains(organizationId: string): Promise<AuthOrganizationDomain[]>;
+declare function addOrganizationDomain(organizationId: string, domain: string): Promise<AuthOrganizationDomain>;
+declare function verifyOrganizationDomain(organizationId: string, domain: string): Promise<void>;
+declare function listPermissions(): Promise<AdminPermission[]>;
+declare function createPermission(data: AdminCreatePermissionInput): Promise<AdminPermission>;
+declare function updatePermission(permissionId: string, data: AdminUpdatePermissionInput): Promise<void>;
+declare function deletePermission(permissionId: string): Promise<void>;
+declare function getUserPermissions(userId: string): Promise<AdminPermission[]>;
+declare function setUserPermissions(userId: string, permissionIds: string[]): Promise<void>;
+type SecretSummary = {
+    secretId: string;
+    name: string;
+    secretType: string;
+    description: string | null;
+    expiresAt: string | null;
+    createdAt: string;
+    updatedAt: string;
+    disabled: boolean;
+};
+type SecretDetail = SecretSummary & {
+    value?: string;
+};
+type CreateSecretInput = {
+    name: string;
+    value: string;
+    secretType?: string;
+    description?: string;
+    leaseTtlSeconds?: number;
+};
+type UpdateSecretInput = {
+    value: string;
+    leaseTtlSeconds?: number;
+};
+declare function listSecrets(organizationId: string): Promise<SecretSummary[]>;
+declare function getSecret(organizationId: string, secretId: string): Promise<SecretDetail>;
+declare function createSecret(organizationId: string, input: CreateSecretInput): Promise<SecretSummary>;
+declare function rotateSecret(organizationId: string, secretId: string, input: UpdateSecretInput): Promise<SecretSummary>;
+declare function disableSecret(organizationId: string, secretId: string): Promise<void>;
+
+export { type CreateSecretInput, type SecretDetail, type SecretSummary, type UpdateSecretInput, addOrganizationDomain, addOrganizationMember, createOrganization, createOrganizationInvitation, createPermission, createSecret, createUser, deleteOrganization, deletePermission, deleteUser, disableSecret, getSecret, getUserPermissions, listOrganizationDomains, listOrganizationInvitations, listOrganizationMembers, listOrganizations, listPermissions, listSecrets, listUsers, removeOrganizationMember, resetUserPassword, rotateSecret, setUserPermissions, setWindsockAdminClient, updateOrganization, updatePermission, updateUser, verifyOrganizationDomain };

package/dist/platform/workflow-api-client.d.mts

@@ -0,0 +1,6 @@
+import '../astrlabe/contracts.mjs';
+import '../index-BNRGVAS5.mjs';
+import '@datatechsolutions/shared-domain/ports/workflow';
+import '@datatechsolutions/shared-domain/common';
+export { h as AiGenerateResponse, i as AiValidateResponse, A as AnalyticsSummary, j as ApprovalDecision, k as ApprovalResponse, l as ModelFamilyCatalogEntry, m as ModelProviderCatalogEntry, M as ModelProviderConnection, N as NodeMetrics, n as NodeValidationIssue, P as PresignUploadInput, o as PresignedUpload, p as PublicSampleWorkflow, q as RunEvent, r as RunSubscriptionState, R as RunTimelineEntry, W as WorkflowRunListParams, s as WorkflowTemplateSummary, t as aiGenerateWorkflow, u as aiValidateWorkflow, v as buildAuthenticatedApiUrl, w as cancelWorkflowRun, x as createAgentConfig, y as createAgentPrompt, z as createAgentRule, B as createAgentTool, C as createAgentToolDefinition, E as createDatasource, F as createModelProviderConnection, G as createWorkflow, H as createWorkflowFromTemplate, I as deleteAgentConfig, J as deleteAgentPrompt, K as deleteAgentRule, L as deleteAgentTool, O as deleteAgentToolDefinition, Q as deleteModelProviderConnection, S as deleteUpload, T as deleteWorkflow, U as executeAgentRule, V as executeWorkflow, X as getAgentConfigsWithPrompts, Y as getAgentModels, Z as getAgentPrompts, _ as getAgentRules, $ as getAgentToolDefinitions, a0 as getAgentTools, a1 as getAnalyticsSummary, a2 as getCurrentAccessToken, a3 as getDatasourceSchema, a4 as getDatasourceTables, a5 as getDatasources, a6 as getPublicSampleWorkflow, a7 as getRunTimeline, a8 as getUploadDownloadUrl, a9 as getWorkflowById, aa as getWorkflowRunById, ab as getWorkflowRuns, ac as getWorkflows, ad as listModelProviderCatalog, ae as listModelProviderConnections, af as listWorkflowRuns, ag as listWorkflowTemplates, ah as presignUpload, ai as publishWorkflow, aj as replayWorkflowRun, ak as saveWorkflowDraft, al as setAccessTokenProvider, am as setAuthenticatedFetch, an as submitApproval, ao as subscribeToRunEvents, ap as updateAgentConfig, aq as updateAgentPrompt, ar as updateAgentRule, as as updateAgentTool, at as updateAgentToolDefinition, au as updateModelProviderConnection, av as updateWorkflowSettings } from '../workflow-api-client-CpFl3WcG.mjs';
+import 'react/jsx-runtime';

package/dist/platform/workflow-api-client.d.ts

@@ -0,0 +1,6 @@
+import '../astrlabe/contracts.js';
+import '../index-CnCY-b5V.js';
+import '@datatechsolutions/shared-domain/ports/workflow';
+import '@datatechsolutions/shared-domain/common';
+export { h as AiGenerateResponse, i as AiValidateResponse, A as AnalyticsSummary, j as ApprovalDecision, k as ApprovalResponse, l as ModelFamilyCatalogEntry, m as ModelProviderCatalogEntry, M as ModelProviderConnection, N as NodeMetrics, n as NodeValidationIssue, P as PresignUploadInput, o as PresignedUpload, p as PublicSampleWorkflow, q as RunEvent, r as RunSubscriptionState, R as RunTimelineEntry, W as WorkflowRunListParams, s as WorkflowTemplateSummary, t as aiGenerateWorkflow, u as aiValidateWorkflow, v as buildAuthenticatedApiUrl, w as cancelWorkflowRun, x as createAgentConfig, y as createAgentPrompt, z as createAgentRule, B as createAgentTool, C as createAgentToolDefinition, E as createDatasource, F as createModelProviderConnection, G as createWorkflow, H as createWorkflowFromTemplate, I as deleteAgentConfig, J as deleteAgentPrompt, K as deleteAgentRule, L as deleteAgentTool, O as deleteAgentToolDefinition, Q as deleteModelProviderConnection, S as deleteUpload, T as deleteWorkflow, U as executeAgentRule, V as executeWorkflow, X as getAgentConfigsWithPrompts, Y as getAgentModels, Z as getAgentPrompts, _ as getAgentRules, $ as getAgentToolDefinitions, a0 as getAgentTools, a1 as getAnalyticsSummary, a2 as getCurrentAccessToken, a3 as getDatasourceSchema, a4 as getDatasourceTables, a5 as getDatasources, a6 as getPublicSampleWorkflow, a7 as getRunTimeline, a8 as getUploadDownloadUrl, a9 as getWorkflowById, aa as getWorkflowRunById, ab as getWorkflowRuns, ac as getWorkflows, ad as listModelProviderCatalog, ae as listModelProviderConnections, af as listWorkflowRuns, ag as listWorkflowTemplates, ah as presignUpload, ai as publishWorkflow, aj as replayWorkflowRun, ak as saveWorkflowDraft, al as setAccessTokenProvider, am as setAuthenticatedFetch, an as submitApproval, ao as subscribeToRunEvents, ap as updateAgentConfig, aq as updateAgentPrompt, ar as updateAgentRule, as as updateAgentTool, at as updateAgentToolDefinition, au as updateModelProviderConnection, av as updateWorkflowSettings } from '../workflow-api-client-uLICOanv.js';
+import 'react/jsx-runtime';

package/dist/platform/workflow-canvas-shell.d.mts

@@ -0,0 +1,18 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { WorkflowCanvasShellProps } from '@datatechsolutions/shared-domain/common';
+
+/**
+ * Workflow canvas shell with optional message bundle override.
+ *
+ * Most apps wrap their tree in `<I18nProvider>` and let the canvas read
+ * messages from context — in that case `messages` can be omitted. Apps
+ * that need to inject a precomputed bundle (e.g. for tests or app-specific
+ * overrides not shipped with shared-domain) can pass it explicitly.
+ */
+type Props = WorkflowCanvasShellProps & {
+    /** Optional override for the messages catalog passed into the canvas. */
+    messages?: Record<string, unknown>;
+};
+declare function WorkflowCanvasShell({ graph, messages }: Props): react_jsx_runtime.JSX.Element;
+
+export { WorkflowCanvasShell };

package/dist/platform/workflow-canvas-shell.d.ts

@@ -0,0 +1,18 @@
+import * as react_jsx_runtime from 'react/jsx-runtime';
+import { WorkflowCanvasShellProps } from '@datatechsolutions/shared-domain/common';
+
+/**
+ * Workflow canvas shell with optional message bundle override.
+ *
+ * Most apps wrap their tree in `<I18nProvider>` and let the canvas read
+ * messages from context — in that case `messages` can be omitted. Apps
+ * that need to inject a precomputed bundle (e.g. for tests or app-specific
+ * overrides not shipped with shared-domain) can pass it explicitly.
+ */
+type Props = WorkflowCanvasShellProps & {
+    /** Optional override for the messages catalog passed into the canvas. */
+    messages?: Record<string, unknown>;
+};
+declare function WorkflowCanvasShell({ graph, messages }: Props): react_jsx_runtime.JSX.Element;
+
+export { WorkflowCanvasShell };

package/dist/platform/workflow-canvas-shell.js

@@ -1,14 +1,14 @@
 "use client";
 'use strict';
 
-var chunkBVXATTTA_js = require('../chunk-BVXATTTA.js');
-require('../chunk-QSMPKL27.js');
-require('../chunk-AWDH6WNA.js');
+var chunkMT4FJRMD_js = require('../chunk-MT4FJRMD.js');
+require('../chunk-F5UDX6JA.js');
+require('../chunk-K4M4B6ME.js');
 require('../chunk-UZ3CMNUJ.js');
+require('../chunk-YXN2K77G.js');
 require('../chunk-S7KHTUHA.js');
 require('../chunk-SY4MUT5V.js');
 require('../chunk-2OZZH2IO.js');
-require('../chunk-YXN2K77G.js');
 require('../chunk-P4YYEM4B.js');
 require('../chunk-72SWXOD5.js');
 
@@ -16,7 +16,7 @@ require('../chunk-72SWXOD5.js');
 
 Object.defineProperty(exports, "WorkflowCanvasShell", {
   enumerable: true,
-  get: function () { return chunkBVXATTTA_js.WorkflowCanvasShell; }
+  get: function () { return chunkMT4FJRMD_js.WorkflowCanvasShell; }
 });
 //# sourceMappingURL=workflow-canvas-shell.js.map
 //# sourceMappingURL=workflow-canvas-shell.js.map

package/dist/platform/workflow-canvas-shell.mjs

@@ -1,12 +1,12 @@
 "use client";
-export { WorkflowCanvasShell } from '../chunk-4PFU6A2B.mjs';
-import '../chunk-OASC7NYV.mjs';
-import '../chunk-NOHHZ6FM.mjs';
+export { WorkflowCanvasShell } from '../chunk-R3Q5RXXO.mjs';
+import '../chunk-WKCR4KVQ.mjs';
+import '../chunk-EUXHJMGC.mjs';
 import '../chunk-D2JF6C3E.mjs';
+import '../chunk-7VJ7CMMT.mjs';
 import '../chunk-QWG2FMUN.mjs';
 import '../chunk-RHRJXK5R.mjs';
 import '../chunk-3AY5HIQ6.mjs';
-import '../chunk-7VJ7CMMT.mjs';
 import '../chunk-OZNTQROP.mjs';
 import '../chunk-G7JQ4OCE.mjs';
 //# sourceMappingURL=workflow-canvas-shell.mjs.map