@drmhse/sso-sdk 0.3.7 → 0.3.9

package/dist/index.d.mts

@@ -162,306 +162,35 @@ interface JwtClaims {
     iat: number;
 }
 
-/**
- * Risk assessment and engine types
- */
-/**
- * Risk score levels
- */
-type RiskScore = number;
-/**
- * Risk assessment results from the risk engine
- */
-interface RiskAssessment {
-    /** Overall risk score (0-100, higher is more risky) */
-    score: RiskScore;
-    /** Action to take based on risk assessment */
-    action: RiskAction;
-    /** Specific risk factors that contributed to the score */
-    factors: RiskFactor[];
-    /** Geolocation data if available */
-    location?: GeolocationData;
-    /** When the assessment was performed */
-    assessedAt: string;
-    /** Additional metadata about the assessment */
-    metadata?: Record<string, unknown>;
-}
-/**
- * Risk actions the engine can recommend
- */
-declare enum RiskAction {
-    /** Allow the authentication to proceed */
-    ALLOW = "allow",
-    /** Log only - allow but monitor */
-    LOG_ONLY = "log_only",
-    /** Require additional verification (MFA) */
-    CHALLENGE_MFA = "challenge_mfa",
-    /** Block the authentication attempt */
-    BLOCK = "block"
-}
-/**
- * Individual risk factors that contribute to overall risk score
- */
-interface RiskFactor {
-    /** Type of risk factor */
-    type: RiskFactorType;
-    /** How much this factor contributes to the score */
-    weight: number;
-    /** Human-readable description */
-    description: string;
-    /** Additional data about this factor */
-    data?: Record<string, unknown>;
-}
-/**
- * Types of risk factors the engine can detect
- */
-declare enum RiskFactorType {
-    /** Unknown IP address or never seen before */
-    NEW_IP = "new_ip",
-    /** IP from high-risk country or region */
-    HIGH_RISK_LOCATION = "high_risk_location",
-    /** Impossible travel - login from geographically impossible locations */
-    IMPOSSIBLE_TRAVEL = "impossible_travel",
-    /** New device or browser fingerprint */
-    NEW_DEVICE = "new_device",
-    /** Multiple failed login attempts */
-    FAILED_ATTEMPTS = "failed_attempts",
-    /** Login from unusual time of day */
-    UNUSUAL_TIME = "unusual_time",
-    /** Suspicious user agent or bot patterns */
-    SUSPICIOUS_USER_AGENT = "suspicious_user_agent",
-    /** Tor exit node or VPN detected */
-    ANONYMOUS_NETWORK = "anonymous_network",
-    /** Account is new (recently created) */
-    NEW_ACCOUNT = "new_account",
-    /** Account has suspicious activity history */
-    SUSPICIOUS_HISTORY = "suspicious_history",
-    /** Velocity-based detection (too many actions) */
-    HIGH_VELOCITY = "high_velocity",
-    /** Custom rule triggered */
-    CUSTOM_RULE = "custom_rule"
-}
-/**
- * Geolocation data for risk assessment
- */
-interface GeolocationData {
-    /** Two-letter ISO country code */
+interface GeoLocation {
     country: string;
-    /** City name if available */
     city?: string;
-    /** Region/state if available */
-    region?: string;
-    /** Latitude coordinate */
-    latitude?: number;
-    /** Longitude coordinate */
-    longitude?: number;
-    /** ISP or organization name */
-    isp?: string;
-    /** Whether this is a known VPN/proxy */
-    isVpn?: boolean;
-    /** Whether this is a Tor exit node */
-    isTor?: boolean;
-}
-/**
- * Context provided to risk engine for assessment
- */
-interface RiskContext {
-    /** User ID being authenticated */
-    userId: string;
-    /** Organization ID if applicable */
-    orgId?: string;
-    /** IP address of the request */
-    ipAddress: string;
-    /** User agent string */
-    userAgent: string;
-    /** Device fingerprint or cookie if available */
-    deviceCookie?: string;
-    /** Authentication method being used */
-    authMethod: AuthMethod;
-    /** Additional context data */
-    metadata?: Record<string, unknown>;
-}
-/**
- * Authentication methods for risk assessment
- */
-declare enum AuthMethod {
-    /** Email and password */
-    PASSWORD = "password",
-    /** OAuth provider (Google, GitHub, etc.) */
-    OAUTH = "oauth",
-    /** WebAuthn passkeys */
-    PASSKEY = "passkey",
-    /** Magic link email */
-    MAGIC_LINK = "magic_link",
-    /** Multi-factor authentication */
-    MFA = "mfa",
-    /** SAML SSO */
-    SAML = "saml"
-}
-/**
- * Risk engine configuration for organizations
- */
-interface RiskEngineConfig {
-    /** Enable/disable risk engine */
-    enabled: boolean;
-    /** Risk score threshold for blocking */
-    blockThreshold: RiskScore;
-    /** Risk score threshold for requiring MFA */
-    mfaThreshold: RiskScore;
-    /** Which risk factors to consider */
-    enabledFactors: RiskFactorType[];
-    /** Custom rules and weights */
-    customRules?: RiskRule[];
-    /** How long to remember trusted devices */
-    deviceTrustDuration: number;
-    /** Whether to enable location-based risk assessment */
-    enableLocationTracking: boolean;
-    /** Max failed attempts before increased risk */
-    maxFailedAttempts: number;
-    /** Time window for velocity checks */
-    velocityWindow: number;
-}
-/**
- * Custom risk rule definition
- */
-interface RiskRule {
-    /** Unique rule identifier */
-    id: string;
-    /** Rule name for display */
-    name: string;
-    /** Rule description */
-    description: string;
-    /** Condition to trigger the rule */
-    condition: RiskRuleCondition;
-    /** Action to take when rule triggers */
-    action: RiskAction;
-    /** How much weight this rule carries */
-    weight: number;
-    /** Whether the rule is enabled */
-    enabled: boolean;
+    latitude: number;
+    longitude: number;
 }
-/**
- * Risk rule condition
- */
-interface RiskRuleCondition {
-    /** Field to check */
-    field: string;
-    /** Operator for comparison */
-    operator: 'eq' | 'ne' | 'gt' | 'gte' | 'lt' | 'lte' | 'in' | 'contains' | 'regex';
-    /** Value to compare against */
-    value: unknown;
-    /** Additional conditions (AND logic) */
-    and?: RiskRuleCondition[];
-    /** Alternative conditions (OR logic) */
-    or?: RiskRuleCondition[];
-}
-/**
- * Device trust information
- */
-interface DeviceTrust {
-    /** Device ID */
-    deviceId: string;
-    /** User ID this device belongs to */
-    userId: string;
-    /** Device name or description */
-    deviceName: string;
-    /** When the device was first seen */
-    firstSeenAt: string;
-    /** When the device was last used */
-    lastSeenAt: string;
-    /** When the device trust expires */
-    expiresAt: string;
-    /** IP address when device was registered */
-    registrationIp?: string;
-    /** Risk score for this device */
-    riskScore: RiskScore;
-    /** Whether this device is currently trusted */
-    isTrusted: boolean;
+type RiskAction = 'allow' | 'challenge_mfa' | 'block' | 'log_only';
+interface RiskAssessment {
+    score: number;
+    factors: string[];
+    action: RiskAction;
+    location?: GeoLocation;
 }
-/**
- * Risk event for logging and monitoring
- */
-interface RiskEvent {
-    /** Unique event ID */
+interface RiskEventResponse {
     id: string;
-    /** User ID involved */
-    userId: string;
-    /** Organization ID if applicable */
-    orgId?: string;
-    /** Risk assessment that triggered this event */
-    assessment: RiskAssessment;
-    /** Authentication context */
-    context: RiskContext;
-    /** When the event occurred */
-    timestamp: string;
-    /** Event outcome */
-    outcome: RiskEventOutcome;
-    /** Additional event metadata */
-    metadata?: Record<string, unknown>;
-}
-/**
- * Risk event outcomes
- */
-declare enum RiskEventOutcome {
-    /** Authentication was allowed */
-    ALLOWED = "allowed",
-    /** Authentication was blocked */
-    BLOCKED = "blocked",
-    /** Additional verification was required */
-    CHALLENGED = "challenged",
-    /** Event was logged but no action taken */
-    LOGGED = "logged"
-}
-/**
- * Risk engine analytics and reporting
- */
-interface RiskAnalytics {
-    /** Total risk assessments in time period */
-    totalAssessments: number;
-    /** Risk score distribution */
-    scoreDistribution: {
-        low: number;
-        medium: number;
-        high: number;
-        critical: number;
-    };
-    /** Most common risk factors */
-    topRiskFactors: Array<{
-        factor: RiskFactorType;
-        count: number;
-        percentage: number;
-    }>;
-    /** Blocked authentication attempts */
-    blockedAttempts: number;
-    /** MFA challenges issued */
-    mfaChallenges: number;
-    /** Geographic risk data */
-    locationRisk: Array<{
-        country: string;
-        riskCount: number;
-        riskScore: number;
-    }>;
-    /** Time-based risk patterns */
-    temporalPatterns: {
-        hourly: number[];
-        daily: number[];
-    };
+    user_id: string;
+    user_email?: string;
+    created_at: string;
+    risk_score: number;
+    risk_factors: string[];
+    geo_country?: string;
+    geo_city?: string;
+    ip_address?: string;
+    provider: string;
 }
-/**
- * Risk enforcement modes
- */
-type RiskEnforcementMode = 'log_only' | 'monitor' | 'block' | 'challenge_mfa';
-/**
- * Organization risk settings
- */
-interface RiskSettings {
-    enforcement_mode: RiskEnforcementMode;
-    low_threshold: number;
-    medium_threshold: number;
-    new_device_score: number;
-    impossible_travel_score: number;
-    velocity_threshold: number;
-    velocity_score: number;
+interface RiskEventsQuery {
+    page?: number;
+    limit?: number;
+    min_score?: number;
 }
 
 /**
@@ -906,6 +635,16 @@ interface CreateOrganizationResponse {
     access_token: string;
     refresh_token: string;
 }
+/**
+ * Select organization response - returned when switching org context
+ */
+interface SelectOrganizationResponse {
+    organization: Organization;
+    membership: Membership;
+    access_token: string;
+    refresh_token: string;
+    expires_in: number;
+}
 /**
  * Update organization payload
  */
@@ -3181,6 +2920,26 @@ declare class OrganizationsModule {
      * ```
      */
     get(orgSlug: string): Promise<OrganizationResponse>;
+    /**
+     * Select/switch to a different organization context.
+     * Issues a new JWT token with the organization context.
+     *
+     * This allows users to seamlessly switch between organizations
+     * they are members of without re-authenticating.
+     *
+     * @param orgSlug Organization slug to switch to
+     * @returns New tokens with organization context
+     *
+     * @example
+     * ```typescript
+     * // Switch to a different organization
+     * const result = await sso.organizations.select('acme-corp');
+     *
+     * // The SDK automatically updates the session with new tokens
+     * // API calls will now be made in the context of 'acme-corp'
+     * ```
+     */
+    select(orgSlug: string): Promise<SelectOrganizationResponse>;
     /**
      * Update organization details.
      * Requires 'owner' or 'admin' role.
@@ -3804,6 +3563,19 @@ declare class OrganizationsModule {
             url: string;
         }>;
     };
+    /**
+     * Security & Risk insights
+     */
+    security: {
+        /**
+         * Get risk events for an organization.
+         * Requires 'owner' or 'admin' role.
+         *
+         * @param orgSlug Organization slug
+         * @param params Query parameters
+         */
+        getRiskEvents: (orgSlug: string, params?: RiskEventsQuery) => Promise<RiskEventResponse[]>;
+    };
     /**
      * BYOP (Bring Your Own Payment) credential management.
      * Allows organizations to configure their own billing provider credentials
@@ -5769,4 +5541,4 @@ declare class SsoApiError extends Error {
     isNotFound(): boolean;
 }
 
-export { type AcceptInvitationPayload, type AdminLoginUrlParams, type AnalyticsQuery, type ApiKey, type ApiKeyCreateResponse, type ApproveOrganizationPayload, type AuditLog, type AuditLogEntry, type AuditLogQueryParams, type AuditLogResponse, AuthErrorCodes, AuthMethod, AuthModule, type AuthSnapshot, type AuthenticationResponseJSON, type BackupCodesResponse, type BrandingConfiguration, BrowserStorage, type ChangePasswordRequest, type ChangePasswordResponse, type ConfigureSamlPayload, type ConfigureSamlResponse, CookieStorage, type CreateApiKeyPayload, type CreateCheckoutPayload, type CreateCheckoutResponse, type CreateInvitationPayload, type CreateOrganizationPayload, type CreateOrganizationResponse, type CreatePlanPayload, type CreateScimTokenRequest, type CreateServicePayload, type CreateServiceResponse, type CreateSiemConfigRequest, type CreateWebhookRequest, type DeclineInvitationPayload, type DeviceCodeRequest, type DeviceCodeResponse, type DeviceTrust, type DeviceVerifyResponse, type DomainConfiguration, type DomainVerificationMethod, type DomainVerificationResponse, type DomainVerificationResult, type EndUser, type EndUserDetailResponse, type EndUserIdentity, type EndUserListResponse, type EndUserSubscription, type EventTypeInfo, type ExportUserDataResponse, type ForgetUserResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GeolocationData, type GetAuditLogParams, type GetRiskSettingsResponse, type GrowthTrendPoint, type Identity, type ImpersonateRequest, type ImpersonateResponse, type ImpersonationUserInfo, type Invitation, type InvitationStatus, type InvitationWithOrg, InvitationsModule, type JwtClaims, type ListApiKeysResponse, type ListDevicesResponse, type ListEndUsersParams, type ListOrganizationsParams, type ListPlatformOrganizationsParams, type ListScimTokensResponse, type ListSiemConfigsResponse, type LoginActivityPoint, type LoginEventExport, type LoginRequest, type LoginTrendPoint, type LoginUrlParams, type LoginsByProvider, type LoginsByService, type LookupEmailRequest, type LookupEmailResponse, MagicLinks, type MemberListResponse, type MemberRole, type Membership, type MembershipExport, MemoryStorage, type MfaEventExport, type MfaSetupResponse, type MfaStatusResponse, type MfaVerificationRequest, type MfaVerificationResponse, type MfaVerifyRequest, type MfaVerifyResponse, type OAuthCredentials, type OAuthIdentityExport, type OAuthProvider, type Organization, type OrganizationMember, type OrganizationResponse, type OrganizationStatus, type OrganizationStatusBreakdown, type OrganizationTier, OrganizationsModule, type PaginatedResponse, type PaginationInfo, type PaginationParams, type Passkey, type PasskeyAuthFinishRequest, type PasskeyAuthFinishResponse, type PasskeyAuthStartRequest, type PasskeyAuthStartResponse, type PasskeyExport, type PasskeyRegisterFinishRequest, type PasskeyRegisterFinishResponse, type PasskeyRegisterStartRequest, type PasskeyRegisterStartResponse, PasskeysModule, PermissionsModule, type Plan, type PlanResponse, type PlatformAnalyticsDateRangeParams, PlatformModule, type PlatformOrganizationResponse, type PlatformOrganizationsListResponse, type PlatformOverviewMetrics, type PromotePlatformOwnerPayload, type ProviderToken, type ProviderTokenGrant, type RecentLogin, type RecentOrganization, type RefreshTokenRequest, type RefreshTokenResponse, type RegisterRequest, type RegisterResponse, type RegistrationResponseJSON, type RejectOrganizationPayload, type ResendVerificationRequest, type ResendVerificationResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDeviceRequest, type RevokeDeviceResponse, type RevokeSessionsResponse, RiskAction, type RiskAnalytics, type RiskAssessment, type RiskContext, type RiskEnforcementMode, type RiskEngineConfig, type RiskEvent, RiskEventOutcome, type RiskFactor, RiskFactorType, type RiskRule, type RiskRuleCondition, type RiskScore, type RiskSettings, type SamlCertificate, type SamlConfig, type ScimTokenResponse, type Service, ServiceApiModule, type ServiceListResponse, type ServiceResponse, type ServiceType, type ServiceWithDetails, ServicesModule, type SetCustomDomainRequest, type SetOAuthCredentialsPayload, type SetPasswordRequest, type SetPasswordResponse, type SetSmtpRequest, type SiemConfigResponse, type SiemProviderType, type SmtpConfigResponse, SsoApiError, SsoClient, type SsoClientOptions, type StartLinkResponse, type Subscription, type TestConnectionResponse, type TokenRequest, type TokenResponse, type TokenStorage, type TopOrganization, type TransferOwnershipPayload, type UpdateBrandingRequest, type UpdateMemberRolePayload, type UpdateOrganizationPayload, type UpdateOrganizationTierPayload, type UpdatePlanPayload, type UpdateRiskSettingsRequest, type UpdateRiskSettingsResponse, type UpdateServicePayload, type UpdateSiemConfigRequest, type UpdateUserProfilePayload, type UpdateWebhookRequest, type User, type UserDevice, UserModule, type UserProfile, type Webhook, type WebhookDelivery, type WebhookDeliveryListResponse, type WebhookDeliveryQueryParams, type WebhookListResponse, type WebhookResponse };
+export { type AcceptInvitationPayload, type AdminLoginUrlParams, type AnalyticsQuery, type ApiKey, type ApiKeyCreateResponse, type ApproveOrganizationPayload, type AuditLog, type AuditLogEntry, type AuditLogQueryParams, type AuditLogResponse, AuthErrorCodes, AuthModule, type AuthSnapshot, type AuthenticationResponseJSON, type BackupCodesResponse, type BrandingConfiguration, BrowserStorage, type ChangePasswordRequest, type ChangePasswordResponse, type ConfigureSamlPayload, type ConfigureSamlResponse, CookieStorage, type CreateApiKeyPayload, type CreateCheckoutPayload, type CreateCheckoutResponse, type CreateInvitationPayload, type CreateOrganizationPayload, type CreateOrganizationResponse, type CreatePlanPayload, type CreateScimTokenRequest, type CreateServicePayload, type CreateServiceResponse, type CreateSiemConfigRequest, type CreateWebhookRequest, type DeclineInvitationPayload, type DeviceCodeRequest, type DeviceCodeResponse, type DeviceVerifyResponse, type DomainConfiguration, type DomainVerificationMethod, type DomainVerificationResponse, type DomainVerificationResult, type EndUser, type EndUserDetailResponse, type EndUserIdentity, type EndUserListResponse, type EndUserSubscription, type EventTypeInfo, type ExportUserDataResponse, type ForgetUserResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GeoLocation, type GetAuditLogParams, type GetRiskSettingsResponse, type GrowthTrendPoint, type Identity, type ImpersonateRequest, type ImpersonateResponse, type ImpersonationUserInfo, type Invitation, type InvitationStatus, type InvitationWithOrg, InvitationsModule, type JwtClaims, type ListApiKeysResponse, type ListDevicesResponse, type ListEndUsersParams, type ListOrganizationsParams, type ListPlatformOrganizationsParams, type ListScimTokensResponse, type ListSiemConfigsResponse, type LoginActivityPoint, type LoginEventExport, type LoginRequest, type LoginTrendPoint, type LoginUrlParams, type LoginsByProvider, type LoginsByService, type LookupEmailRequest, type LookupEmailResponse, MagicLinks, type MemberListResponse, type MemberRole, type Membership, type MembershipExport, MemoryStorage, type MfaEventExport, type MfaSetupResponse, type MfaStatusResponse, type MfaVerificationRequest, type MfaVerificationResponse, type MfaVerifyRequest, type MfaVerifyResponse, type OAuthCredentials, type OAuthIdentityExport, type OAuthProvider, type Organization, type OrganizationMember, type OrganizationResponse, type OrganizationStatus, type OrganizationStatusBreakdown, type OrganizationTier, OrganizationsModule, type PaginatedResponse, type PaginationInfo, type PaginationParams, type Passkey, type PasskeyAuthFinishRequest, type PasskeyAuthFinishResponse, type PasskeyAuthStartRequest, type PasskeyAuthStartResponse, type PasskeyExport, type PasskeyRegisterFinishRequest, type PasskeyRegisterFinishResponse, type PasskeyRegisterStartRequest, type PasskeyRegisterStartResponse, PasskeysModule, PermissionsModule, type Plan, type PlanResponse, type PlatformAnalyticsDateRangeParams, PlatformModule, type PlatformOrganizationResponse, type PlatformOrganizationsListResponse, type PlatformOverviewMetrics, type PromotePlatformOwnerPayload, type ProviderToken, type ProviderTokenGrant, type RecentLogin, type RecentOrganization, type RefreshTokenRequest, type RefreshTokenResponse, type RegisterRequest, type RegisterResponse, type RegistrationResponseJSON, type RejectOrganizationPayload, type ResendVerificationRequest, type ResendVerificationResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDeviceRequest, type RevokeDeviceResponse, type RevokeSessionsResponse, type RiskAction, type RiskAssessment, type RiskEventResponse, type RiskEventsQuery, type SamlCertificate, type SamlConfig, type ScimTokenResponse, type SelectOrganizationResponse, type Service, ServiceApiModule, type ServiceListResponse, type ServiceResponse, type ServiceType, type ServiceWithDetails, ServicesModule, type SetCustomDomainRequest, type SetOAuthCredentialsPayload, type SetPasswordRequest, type SetPasswordResponse, type SetSmtpRequest, type SiemConfigResponse, type SiemProviderType, type SmtpConfigResponse, SsoApiError, SsoClient, type SsoClientOptions, type StartLinkResponse, type Subscription, type TestConnectionResponse, type TokenRequest, type TokenResponse, type TokenStorage, type TopOrganization, type TransferOwnershipPayload, type UpdateBrandingRequest, type UpdateMemberRolePayload, type UpdateOrganizationPayload, type UpdateOrganizationTierPayload, type UpdatePlanPayload, type UpdateRiskSettingsRequest, type UpdateRiskSettingsResponse, type UpdateServicePayload, type UpdateSiemConfigRequest, type UpdateUserProfilePayload, type UpdateWebhookRequest, type User, type UserDevice, UserModule, type UserProfile, type Webhook, type WebhookDelivery, type WebhookDeliveryListResponse, type WebhookDeliveryQueryParams, type WebhookListResponse, type WebhookResponse };

package/dist/index.d.ts

@@ -162,306 +162,35 @@ interface JwtClaims {
     iat: number;
 }
 
-/**
- * Risk assessment and engine types
- */
-/**
- * Risk score levels
- */
-type RiskScore = number;
-/**
- * Risk assessment results from the risk engine
- */
-interface RiskAssessment {
-    /** Overall risk score (0-100, higher is more risky) */
-    score: RiskScore;
-    /** Action to take based on risk assessment */
-    action: RiskAction;
-    /** Specific risk factors that contributed to the score */
-    factors: RiskFactor[];
-    /** Geolocation data if available */
-    location?: GeolocationData;
-    /** When the assessment was performed */
-    assessedAt: string;
-    /** Additional metadata about the assessment */
-    metadata?: Record<string, unknown>;
-}
-/**
- * Risk actions the engine can recommend
- */
-declare enum RiskAction {
-    /** Allow the authentication to proceed */
-    ALLOW = "allow",
-    /** Log only - allow but monitor */
-    LOG_ONLY = "log_only",
-    /** Require additional verification (MFA) */
-    CHALLENGE_MFA = "challenge_mfa",
-    /** Block the authentication attempt */
-    BLOCK = "block"
-}
-/**
- * Individual risk factors that contribute to overall risk score
- */
-interface RiskFactor {
-    /** Type of risk factor */
-    type: RiskFactorType;
-    /** How much this factor contributes to the score */
-    weight: number;
-    /** Human-readable description */
-    description: string;
-    /** Additional data about this factor */
-    data?: Record<string, unknown>;
-}
-/**
- * Types of risk factors the engine can detect
- */
-declare enum RiskFactorType {
-    /** Unknown IP address or never seen before */
-    NEW_IP = "new_ip",
-    /** IP from high-risk country or region */
-    HIGH_RISK_LOCATION = "high_risk_location",
-    /** Impossible travel - login from geographically impossible locations */
-    IMPOSSIBLE_TRAVEL = "impossible_travel",
-    /** New device or browser fingerprint */
-    NEW_DEVICE = "new_device",
-    /** Multiple failed login attempts */
-    FAILED_ATTEMPTS = "failed_attempts",
-    /** Login from unusual time of day */
-    UNUSUAL_TIME = "unusual_time",
-    /** Suspicious user agent or bot patterns */
-    SUSPICIOUS_USER_AGENT = "suspicious_user_agent",
-    /** Tor exit node or VPN detected */
-    ANONYMOUS_NETWORK = "anonymous_network",
-    /** Account is new (recently created) */
-    NEW_ACCOUNT = "new_account",
-    /** Account has suspicious activity history */
-    SUSPICIOUS_HISTORY = "suspicious_history",
-    /** Velocity-based detection (too many actions) */
-    HIGH_VELOCITY = "high_velocity",
-    /** Custom rule triggered */
-    CUSTOM_RULE = "custom_rule"
-}
-/**
- * Geolocation data for risk assessment
- */
-interface GeolocationData {
-    /** Two-letter ISO country code */
+interface GeoLocation {
     country: string;
-    /** City name if available */
     city?: string;
-    /** Region/state if available */
-    region?: string;
-    /** Latitude coordinate */
-    latitude?: number;
-    /** Longitude coordinate */
-    longitude?: number;
-    /** ISP or organization name */
-    isp?: string;
-    /** Whether this is a known VPN/proxy */
-    isVpn?: boolean;
-    /** Whether this is a Tor exit node */
-    isTor?: boolean;
-}
-/**
- * Context provided to risk engine for assessment
- */
-interface RiskContext {
-    /** User ID being authenticated */
-    userId: string;
-    /** Organization ID if applicable */
-    orgId?: string;
-    /** IP address of the request */
-    ipAddress: string;
-    /** User agent string */
-    userAgent: string;
-    /** Device fingerprint or cookie if available */
-    deviceCookie?: string;
-    /** Authentication method being used */
-    authMethod: AuthMethod;
-    /** Additional context data */
-    metadata?: Record<string, unknown>;
-}
-/**
- * Authentication methods for risk assessment
- */
-declare enum AuthMethod {
-    /** Email and password */
-    PASSWORD = "password",
-    /** OAuth provider (Google, GitHub, etc.) */
-    OAUTH = "oauth",
-    /** WebAuthn passkeys */
-    PASSKEY = "passkey",
-    /** Magic link email */
-    MAGIC_LINK = "magic_link",
-    /** Multi-factor authentication */
-    MFA = "mfa",
-    /** SAML SSO */
-    SAML = "saml"
-}
-/**
- * Risk engine configuration for organizations
- */
-interface RiskEngineConfig {
-    /** Enable/disable risk engine */
-    enabled: boolean;
-    /** Risk score threshold for blocking */
-    blockThreshold: RiskScore;
-    /** Risk score threshold for requiring MFA */
-    mfaThreshold: RiskScore;
-    /** Which risk factors to consider */
-    enabledFactors: RiskFactorType[];
-    /** Custom rules and weights */
-    customRules?: RiskRule[];
-    /** How long to remember trusted devices */
-    deviceTrustDuration: number;
-    /** Whether to enable location-based risk assessment */
-    enableLocationTracking: boolean;
-    /** Max failed attempts before increased risk */
-    maxFailedAttempts: number;
-    /** Time window for velocity checks */
-    velocityWindow: number;
-}
-/**
- * Custom risk rule definition
- */
-interface RiskRule {
-    /** Unique rule identifier */
-    id: string;
-    /** Rule name for display */
-    name: string;
-    /** Rule description */
-    description: string;
-    /** Condition to trigger the rule */
-    condition: RiskRuleCondition;
-    /** Action to take when rule triggers */
-    action: RiskAction;
-    /** How much weight this rule carries */
-    weight: number;
-    /** Whether the rule is enabled */
-    enabled: boolean;
+    latitude: number;
+    longitude: number;
 }
-/**
- * Risk rule condition
- */
-interface RiskRuleCondition {
-    /** Field to check */
-    field: string;
-    /** Operator for comparison */
-    operator: 'eq' | 'ne' | 'gt' | 'gte' | 'lt' | 'lte' | 'in' | 'contains' | 'regex';
-    /** Value to compare against */
-    value: unknown;
-    /** Additional conditions (AND logic) */
-    and?: RiskRuleCondition[];
-    /** Alternative conditions (OR logic) */
-    or?: RiskRuleCondition[];
-}
-/**
- * Device trust information
- */
-interface DeviceTrust {
-    /** Device ID */
-    deviceId: string;
-    /** User ID this device belongs to */
-    userId: string;
-    /** Device name or description */
-    deviceName: string;
-    /** When the device was first seen */
-    firstSeenAt: string;
-    /** When the device was last used */
-    lastSeenAt: string;
-    /** When the device trust expires */
-    expiresAt: string;
-    /** IP address when device was registered */
-    registrationIp?: string;
-    /** Risk score for this device */
-    riskScore: RiskScore;
-    /** Whether this device is currently trusted */
-    isTrusted: boolean;
+type RiskAction = 'allow' | 'challenge_mfa' | 'block' | 'log_only';
+interface RiskAssessment {
+    score: number;
+    factors: string[];
+    action: RiskAction;
+    location?: GeoLocation;
 }
-/**
- * Risk event for logging and monitoring
- */
-interface RiskEvent {
-    /** Unique event ID */
+interface RiskEventResponse {
     id: string;
-    /** User ID involved */
-    userId: string;
-    /** Organization ID if applicable */
-    orgId?: string;
-    /** Risk assessment that triggered this event */
-    assessment: RiskAssessment;
-    /** Authentication context */
-    context: RiskContext;
-    /** When the event occurred */
-    timestamp: string;
-    /** Event outcome */
-    outcome: RiskEventOutcome;
-    /** Additional event metadata */
-    metadata?: Record<string, unknown>;
-}
-/**
- * Risk event outcomes
- */
-declare enum RiskEventOutcome {
-    /** Authentication was allowed */
-    ALLOWED = "allowed",
-    /** Authentication was blocked */
-    BLOCKED = "blocked",
-    /** Additional verification was required */
-    CHALLENGED = "challenged",
-    /** Event was logged but no action taken */
-    LOGGED = "logged"
-}
-/**
- * Risk engine analytics and reporting
- */
-interface RiskAnalytics {
-    /** Total risk assessments in time period */
-    totalAssessments: number;
-    /** Risk score distribution */
-    scoreDistribution: {
-        low: number;
-        medium: number;
-        high: number;
-        critical: number;
-    };
-    /** Most common risk factors */
-    topRiskFactors: Array<{
-        factor: RiskFactorType;
-        count: number;
-        percentage: number;
-    }>;
-    /** Blocked authentication attempts */
-    blockedAttempts: number;
-    /** MFA challenges issued */
-    mfaChallenges: number;
-    /** Geographic risk data */
-    locationRisk: Array<{
-        country: string;
-        riskCount: number;
-        riskScore: number;
-    }>;
-    /** Time-based risk patterns */
-    temporalPatterns: {
-        hourly: number[];
-        daily: number[];
-    };
+    user_id: string;
+    user_email?: string;
+    created_at: string;
+    risk_score: number;
+    risk_factors: string[];
+    geo_country?: string;
+    geo_city?: string;
+    ip_address?: string;
+    provider: string;
 }
-/**
- * Risk enforcement modes
- */
-type RiskEnforcementMode = 'log_only' | 'monitor' | 'block' | 'challenge_mfa';
-/**
- * Organization risk settings
- */
-interface RiskSettings {
-    enforcement_mode: RiskEnforcementMode;
-    low_threshold: number;
-    medium_threshold: number;
-    new_device_score: number;
-    impossible_travel_score: number;
-    velocity_threshold: number;
-    velocity_score: number;
+interface RiskEventsQuery {
+    page?: number;
+    limit?: number;
+    min_score?: number;
 }
 
 /**
@@ -906,6 +635,16 @@ interface CreateOrganizationResponse {
     access_token: string;
     refresh_token: string;
 }
+/**
+ * Select organization response - returned when switching org context
+ */
+interface SelectOrganizationResponse {
+    organization: Organization;
+    membership: Membership;
+    access_token: string;
+    refresh_token: string;
+    expires_in: number;
+}
 /**
  * Update organization payload
  */
@@ -3181,6 +2920,26 @@ declare class OrganizationsModule {
      * ```
      */
     get(orgSlug: string): Promise<OrganizationResponse>;
+    /**
+     * Select/switch to a different organization context.
+     * Issues a new JWT token with the organization context.
+     *
+     * This allows users to seamlessly switch between organizations
+     * they are members of without re-authenticating.
+     *
+     * @param orgSlug Organization slug to switch to
+     * @returns New tokens with organization context
+     *
+     * @example
+     * ```typescript
+     * // Switch to a different organization
+     * const result = await sso.organizations.select('acme-corp');
+     *
+     * // The SDK automatically updates the session with new tokens
+     * // API calls will now be made in the context of 'acme-corp'
+     * ```
+     */
+    select(orgSlug: string): Promise<SelectOrganizationResponse>;
     /**
      * Update organization details.
      * Requires 'owner' or 'admin' role.
@@ -3804,6 +3563,19 @@ declare class OrganizationsModule {
             url: string;
         }>;
     };
+    /**
+     * Security & Risk insights
+     */
+    security: {
+        /**
+         * Get risk events for an organization.
+         * Requires 'owner' or 'admin' role.
+         *
+         * @param orgSlug Organization slug
+         * @param params Query parameters
+         */
+        getRiskEvents: (orgSlug: string, params?: RiskEventsQuery) => Promise<RiskEventResponse[]>;
+    };
     /**
      * BYOP (Bring Your Own Payment) credential management.
      * Allows organizations to configure their own billing provider credentials
@@ -5769,4 +5541,4 @@ declare class SsoApiError extends Error {
     isNotFound(): boolean;
 }
 
-export { type AcceptInvitationPayload, type AdminLoginUrlParams, type AnalyticsQuery, type ApiKey, type ApiKeyCreateResponse, type ApproveOrganizationPayload, type AuditLog, type AuditLogEntry, type AuditLogQueryParams, type AuditLogResponse, AuthErrorCodes, AuthMethod, AuthModule, type AuthSnapshot, type AuthenticationResponseJSON, type BackupCodesResponse, type BrandingConfiguration, BrowserStorage, type ChangePasswordRequest, type ChangePasswordResponse, type ConfigureSamlPayload, type ConfigureSamlResponse, CookieStorage, type CreateApiKeyPayload, type CreateCheckoutPayload, type CreateCheckoutResponse, type CreateInvitationPayload, type CreateOrganizationPayload, type CreateOrganizationResponse, type CreatePlanPayload, type CreateScimTokenRequest, type CreateServicePayload, type CreateServiceResponse, type CreateSiemConfigRequest, type CreateWebhookRequest, type DeclineInvitationPayload, type DeviceCodeRequest, type DeviceCodeResponse, type DeviceTrust, type DeviceVerifyResponse, type DomainConfiguration, type DomainVerificationMethod, type DomainVerificationResponse, type DomainVerificationResult, type EndUser, type EndUserDetailResponse, type EndUserIdentity, type EndUserListResponse, type EndUserSubscription, type EventTypeInfo, type ExportUserDataResponse, type ForgetUserResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GeolocationData, type GetAuditLogParams, type GetRiskSettingsResponse, type GrowthTrendPoint, type Identity, type ImpersonateRequest, type ImpersonateResponse, type ImpersonationUserInfo, type Invitation, type InvitationStatus, type InvitationWithOrg, InvitationsModule, type JwtClaims, type ListApiKeysResponse, type ListDevicesResponse, type ListEndUsersParams, type ListOrganizationsParams, type ListPlatformOrganizationsParams, type ListScimTokensResponse, type ListSiemConfigsResponse, type LoginActivityPoint, type LoginEventExport, type LoginRequest, type LoginTrendPoint, type LoginUrlParams, type LoginsByProvider, type LoginsByService, type LookupEmailRequest, type LookupEmailResponse, MagicLinks, type MemberListResponse, type MemberRole, type Membership, type MembershipExport, MemoryStorage, type MfaEventExport, type MfaSetupResponse, type MfaStatusResponse, type MfaVerificationRequest, type MfaVerificationResponse, type MfaVerifyRequest, type MfaVerifyResponse, type OAuthCredentials, type OAuthIdentityExport, type OAuthProvider, type Organization, type OrganizationMember, type OrganizationResponse, type OrganizationStatus, type OrganizationStatusBreakdown, type OrganizationTier, OrganizationsModule, type PaginatedResponse, type PaginationInfo, type PaginationParams, type Passkey, type PasskeyAuthFinishRequest, type PasskeyAuthFinishResponse, type PasskeyAuthStartRequest, type PasskeyAuthStartResponse, type PasskeyExport, type PasskeyRegisterFinishRequest, type PasskeyRegisterFinishResponse, type PasskeyRegisterStartRequest, type PasskeyRegisterStartResponse, PasskeysModule, PermissionsModule, type Plan, type PlanResponse, type PlatformAnalyticsDateRangeParams, PlatformModule, type PlatformOrganizationResponse, type PlatformOrganizationsListResponse, type PlatformOverviewMetrics, type PromotePlatformOwnerPayload, type ProviderToken, type ProviderTokenGrant, type RecentLogin, type RecentOrganization, type RefreshTokenRequest, type RefreshTokenResponse, type RegisterRequest, type RegisterResponse, type RegistrationResponseJSON, type RejectOrganizationPayload, type ResendVerificationRequest, type ResendVerificationResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDeviceRequest, type RevokeDeviceResponse, type RevokeSessionsResponse, RiskAction, type RiskAnalytics, type RiskAssessment, type RiskContext, type RiskEnforcementMode, type RiskEngineConfig, type RiskEvent, RiskEventOutcome, type RiskFactor, RiskFactorType, type RiskRule, type RiskRuleCondition, type RiskScore, type RiskSettings, type SamlCertificate, type SamlConfig, type ScimTokenResponse, type Service, ServiceApiModule, type ServiceListResponse, type ServiceResponse, type ServiceType, type ServiceWithDetails, ServicesModule, type SetCustomDomainRequest, type SetOAuthCredentialsPayload, type SetPasswordRequest, type SetPasswordResponse, type SetSmtpRequest, type SiemConfigResponse, type SiemProviderType, type SmtpConfigResponse, SsoApiError, SsoClient, type SsoClientOptions, type StartLinkResponse, type Subscription, type TestConnectionResponse, type TokenRequest, type TokenResponse, type TokenStorage, type TopOrganization, type TransferOwnershipPayload, type UpdateBrandingRequest, type UpdateMemberRolePayload, type UpdateOrganizationPayload, type UpdateOrganizationTierPayload, type UpdatePlanPayload, type UpdateRiskSettingsRequest, type UpdateRiskSettingsResponse, type UpdateServicePayload, type UpdateSiemConfigRequest, type UpdateUserProfilePayload, type UpdateWebhookRequest, type User, type UserDevice, UserModule, type UserProfile, type Webhook, type WebhookDelivery, type WebhookDeliveryListResponse, type WebhookDeliveryQueryParams, type WebhookListResponse, type WebhookResponse };
+export { type AcceptInvitationPayload, type AdminLoginUrlParams, type AnalyticsQuery, type ApiKey, type ApiKeyCreateResponse, type ApproveOrganizationPayload, type AuditLog, type AuditLogEntry, type AuditLogQueryParams, type AuditLogResponse, AuthErrorCodes, AuthModule, type AuthSnapshot, type AuthenticationResponseJSON, type BackupCodesResponse, type BrandingConfiguration, BrowserStorage, type ChangePasswordRequest, type ChangePasswordResponse, type ConfigureSamlPayload, type ConfigureSamlResponse, CookieStorage, type CreateApiKeyPayload, type CreateCheckoutPayload, type CreateCheckoutResponse, type CreateInvitationPayload, type CreateOrganizationPayload, type CreateOrganizationResponse, type CreatePlanPayload, type CreateScimTokenRequest, type CreateServicePayload, type CreateServiceResponse, type CreateSiemConfigRequest, type CreateWebhookRequest, type DeclineInvitationPayload, type DeviceCodeRequest, type DeviceCodeResponse, type DeviceVerifyResponse, type DomainConfiguration, type DomainVerificationMethod, type DomainVerificationResponse, type DomainVerificationResult, type EndUser, type EndUserDetailResponse, type EndUserIdentity, type EndUserListResponse, type EndUserSubscription, type EventTypeInfo, type ExportUserDataResponse, type ForgetUserResponse, type ForgotPasswordRequest, type ForgotPasswordResponse, type GeoLocation, type GetAuditLogParams, type GetRiskSettingsResponse, type GrowthTrendPoint, type Identity, type ImpersonateRequest, type ImpersonateResponse, type ImpersonationUserInfo, type Invitation, type InvitationStatus, type InvitationWithOrg, InvitationsModule, type JwtClaims, type ListApiKeysResponse, type ListDevicesResponse, type ListEndUsersParams, type ListOrganizationsParams, type ListPlatformOrganizationsParams, type ListScimTokensResponse, type ListSiemConfigsResponse, type LoginActivityPoint, type LoginEventExport, type LoginRequest, type LoginTrendPoint, type LoginUrlParams, type LoginsByProvider, type LoginsByService, type LookupEmailRequest, type LookupEmailResponse, MagicLinks, type MemberListResponse, type MemberRole, type Membership, type MembershipExport, MemoryStorage, type MfaEventExport, type MfaSetupResponse, type MfaStatusResponse, type MfaVerificationRequest, type MfaVerificationResponse, type MfaVerifyRequest, type MfaVerifyResponse, type OAuthCredentials, type OAuthIdentityExport, type OAuthProvider, type Organization, type OrganizationMember, type OrganizationResponse, type OrganizationStatus, type OrganizationStatusBreakdown, type OrganizationTier, OrganizationsModule, type PaginatedResponse, type PaginationInfo, type PaginationParams, type Passkey, type PasskeyAuthFinishRequest, type PasskeyAuthFinishResponse, type PasskeyAuthStartRequest, type PasskeyAuthStartResponse, type PasskeyExport, type PasskeyRegisterFinishRequest, type PasskeyRegisterFinishResponse, type PasskeyRegisterStartRequest, type PasskeyRegisterStartResponse, PasskeysModule, PermissionsModule, type Plan, type PlanResponse, type PlatformAnalyticsDateRangeParams, PlatformModule, type PlatformOrganizationResponse, type PlatformOrganizationsListResponse, type PlatformOverviewMetrics, type PromotePlatformOwnerPayload, type ProviderToken, type ProviderTokenGrant, type RecentLogin, type RecentOrganization, type RefreshTokenRequest, type RefreshTokenResponse, type RegisterRequest, type RegisterResponse, type RegistrationResponseJSON, type RejectOrganizationPayload, type ResendVerificationRequest, type ResendVerificationResponse, type ResetPasswordRequest, type ResetPasswordResponse, type RevokeDeviceRequest, type RevokeDeviceResponse, type RevokeSessionsResponse, type RiskAction, type RiskAssessment, type RiskEventResponse, type RiskEventsQuery, type SamlCertificate, type SamlConfig, type ScimTokenResponse, type SelectOrganizationResponse, type Service, ServiceApiModule, type ServiceListResponse, type ServiceResponse, type ServiceType, type ServiceWithDetails, ServicesModule, type SetCustomDomainRequest, type SetOAuthCredentialsPayload, type SetPasswordRequest, type SetPasswordResponse, type SetSmtpRequest, type SiemConfigResponse, type SiemProviderType, type SmtpConfigResponse, SsoApiError, SsoClient, type SsoClientOptions, type StartLinkResponse, type Subscription, type TestConnectionResponse, type TokenRequest, type TokenResponse, type TokenStorage, type TopOrganization, type TransferOwnershipPayload, type UpdateBrandingRequest, type UpdateMemberRolePayload, type UpdateOrganizationPayload, type UpdateOrganizationTierPayload, type UpdatePlanPayload, type UpdateRiskSettingsRequest, type UpdateRiskSettingsResponse, type UpdateServicePayload, type UpdateSiemConfigRequest, type UpdateUserProfilePayload, type UpdateWebhookRequest, type User, type UserDevice, UserModule, type UserProfile, type Webhook, type WebhookDelivery, type WebhookDeliveryListResponse, type WebhookDeliveryQueryParams, type WebhookListResponse, type WebhookResponse };

package/dist/index.js

@@ -21,7 +21,6 @@ var __toCommonJS = (mod) => __copyProps(__defProp({}, "__esModule", { value: tru
 var index_exports = {};
 __export(index_exports, {
   AuthErrorCodes: () => AuthErrorCodes,
-  AuthMethod: () => AuthMethod,
   AuthModule: () => AuthModule,
   BrowserStorage: () => BrowserStorage,
   CookieStorage: () => CookieStorage,
@@ -32,9 +31,6 @@ __export(index_exports, {
   PasskeysModule: () => PasskeysModule,
   PermissionsModule: () => PermissionsModule,
   PlatformModule: () => PlatformModule,
-  RiskAction: () => RiskAction,
-  RiskEventOutcome: () => RiskEventOutcome,
-  RiskFactorType: () => RiskFactorType,
   ServiceApiModule: () => ServiceApiModule,
   ServicesModule: () => ServicesModule,
   SsoApiError: () => SsoApiError,
@@ -2152,6 +2148,25 @@ var OrganizationsModule = class {
         return response.data;
       }
     };
+    /**
+     * Security & Risk insights
+     */
+    this.security = {
+      /**
+       * Get risk events for an organization.
+       * Requires 'owner' or 'admin' role.
+       * 
+       * @param orgSlug Organization slug
+       * @param params Query parameters
+       */
+      getRiskEvents: async (orgSlug, params) => {
+        const response = await this.http.get(
+          `/api/organizations/${orgSlug}/risk-events`,
+          { params }
+        );
+        return response.data;
+      }
+    };
     // ============================================================================
     // BYOP - BRING YOUR OWN PAYMENT
     // ============================================================================
@@ -2287,6 +2302,31 @@ var OrganizationsModule = class {
     const response = await this.http.get(`/api/organizations/${orgSlug}`);
     return response.data;
   }
+  /**
+   * Select/switch to a different organization context.
+   * Issues a new JWT token with the organization context.
+   * 
+   * This allows users to seamlessly switch between organizations
+   * they are members of without re-authenticating.
+   *
+   * @param orgSlug Organization slug to switch to
+   * @returns New tokens with organization context
+   *
+   * @example
+   * ```typescript
+   * // Switch to a different organization
+   * const result = await sso.organizations.select('acme-corp');
+   * 
+   * // The SDK automatically updates the session with new tokens
+   * // API calls will now be made in the context of 'acme-corp'
+   * ```
+   */
+  async select(orgSlug) {
+    const response = await this.http.post(
+      `/api/organizations/${orgSlug}/select`
+    );
+    return response.data;
+  }
   /**
    * Update organization details.
    * Requires 'owner' or 'admin' role.
@@ -4645,50 +4685,9 @@ var SsoClient = class {
     return this.session.getToken();
   }
 };
-
-// src/types/risk.ts
-var RiskAction = /* @__PURE__ */ ((RiskAction2) => {
-  RiskAction2["ALLOW"] = "allow";
-  RiskAction2["LOG_ONLY"] = "log_only";
-  RiskAction2["CHALLENGE_MFA"] = "challenge_mfa";
-  RiskAction2["BLOCK"] = "block";
-  return RiskAction2;
-})(RiskAction || {});
-var RiskFactorType = /* @__PURE__ */ ((RiskFactorType2) => {
-  RiskFactorType2["NEW_IP"] = "new_ip";
-  RiskFactorType2["HIGH_RISK_LOCATION"] = "high_risk_location";
-  RiskFactorType2["IMPOSSIBLE_TRAVEL"] = "impossible_travel";
-  RiskFactorType2["NEW_DEVICE"] = "new_device";
-  RiskFactorType2["FAILED_ATTEMPTS"] = "failed_attempts";
-  RiskFactorType2["UNUSUAL_TIME"] = "unusual_time";
-  RiskFactorType2["SUSPICIOUS_USER_AGENT"] = "suspicious_user_agent";
-  RiskFactorType2["ANONYMOUS_NETWORK"] = "anonymous_network";
-  RiskFactorType2["NEW_ACCOUNT"] = "new_account";
-  RiskFactorType2["SUSPICIOUS_HISTORY"] = "suspicious_history";
-  RiskFactorType2["HIGH_VELOCITY"] = "high_velocity";
-  RiskFactorType2["CUSTOM_RULE"] = "custom_rule";
-  return RiskFactorType2;
-})(RiskFactorType || {});
-var AuthMethod = /* @__PURE__ */ ((AuthMethod2) => {
-  AuthMethod2["PASSWORD"] = "password";
-  AuthMethod2["OAUTH"] = "oauth";
-  AuthMethod2["PASSKEY"] = "passkey";
-  AuthMethod2["MAGIC_LINK"] = "magic_link";
-  AuthMethod2["MFA"] = "mfa";
-  AuthMethod2["SAML"] = "saml";
-  return AuthMethod2;
-})(AuthMethod || {});
-var RiskEventOutcome = /* @__PURE__ */ ((RiskEventOutcome2) => {
-  RiskEventOutcome2["ALLOWED"] = "allowed";
-  RiskEventOutcome2["BLOCKED"] = "blocked";
-  RiskEventOutcome2["CHALLENGED"] = "challenged";
-  RiskEventOutcome2["LOGGED"] = "logged";
-  return RiskEventOutcome2;
-})(RiskEventOutcome || {});
 // Annotate the CommonJS export names for ESM import in node:
 0 && (module.exports = {
   AuthErrorCodes,
-  AuthMethod,
   AuthModule,
   BrowserStorage,
   CookieStorage,
@@ -4699,9 +4698,6 @@ var RiskEventOutcome = /* @__PURE__ */ ((RiskEventOutcome2) => {
   PasskeysModule,
   PermissionsModule,
   PlatformModule,
-  RiskAction,
-  RiskEventOutcome,
-  RiskFactorType,
   ServiceApiModule,
   ServicesModule,
   SsoApiError,

package/dist/index.mjs

@@ -2107,6 +2107,25 @@ var OrganizationsModule = class {
         return response.data;
       }
     };
+    /**
+     * Security & Risk insights
+     */
+    this.security = {
+      /**
+       * Get risk events for an organization.
+       * Requires 'owner' or 'admin' role.
+       * 
+       * @param orgSlug Organization slug
+       * @param params Query parameters
+       */
+      getRiskEvents: async (orgSlug, params) => {
+        const response = await this.http.get(
+          `/api/organizations/${orgSlug}/risk-events`,
+          { params }
+        );
+        return response.data;
+      }
+    };
     // ============================================================================
     // BYOP - BRING YOUR OWN PAYMENT
     // ============================================================================
@@ -2242,6 +2261,31 @@ var OrganizationsModule = class {
     const response = await this.http.get(`/api/organizations/${orgSlug}`);
     return response.data;
   }
+  /**
+   * Select/switch to a different organization context.
+   * Issues a new JWT token with the organization context.
+   * 
+   * This allows users to seamlessly switch between organizations
+   * they are members of without re-authenticating.
+   *
+   * @param orgSlug Organization slug to switch to
+   * @returns New tokens with organization context
+   *
+   * @example
+   * ```typescript
+   * // Switch to a different organization
+   * const result = await sso.organizations.select('acme-corp');
+   * 
+   * // The SDK automatically updates the session with new tokens
+   * // API calls will now be made in the context of 'acme-corp'
+   * ```
+   */
+  async select(orgSlug) {
+    const response = await this.http.post(
+      `/api/organizations/${orgSlug}/select`
+    );
+    return response.data;
+  }
   /**
    * Update organization details.
    * Requires 'owner' or 'admin' role.
@@ -4600,49 +4644,8 @@ var SsoClient = class {
     return this.session.getToken();
   }
 };
-
-// src/types/risk.ts
-var RiskAction = /* @__PURE__ */ ((RiskAction2) => {
-  RiskAction2["ALLOW"] = "allow";
-  RiskAction2["LOG_ONLY"] = "log_only";
-  RiskAction2["CHALLENGE_MFA"] = "challenge_mfa";
-  RiskAction2["BLOCK"] = "block";
-  return RiskAction2;
-})(RiskAction || {});
-var RiskFactorType = /* @__PURE__ */ ((RiskFactorType2) => {
-  RiskFactorType2["NEW_IP"] = "new_ip";
-  RiskFactorType2["HIGH_RISK_LOCATION"] = "high_risk_location";
-  RiskFactorType2["IMPOSSIBLE_TRAVEL"] = "impossible_travel";
-  RiskFactorType2["NEW_DEVICE"] = "new_device";
-  RiskFactorType2["FAILED_ATTEMPTS"] = "failed_attempts";
-  RiskFactorType2["UNUSUAL_TIME"] = "unusual_time";
-  RiskFactorType2["SUSPICIOUS_USER_AGENT"] = "suspicious_user_agent";
-  RiskFactorType2["ANONYMOUS_NETWORK"] = "anonymous_network";
-  RiskFactorType2["NEW_ACCOUNT"] = "new_account";
-  RiskFactorType2["SUSPICIOUS_HISTORY"] = "suspicious_history";
-  RiskFactorType2["HIGH_VELOCITY"] = "high_velocity";
-  RiskFactorType2["CUSTOM_RULE"] = "custom_rule";
-  return RiskFactorType2;
-})(RiskFactorType || {});
-var AuthMethod = /* @__PURE__ */ ((AuthMethod2) => {
-  AuthMethod2["PASSWORD"] = "password";
-  AuthMethod2["OAUTH"] = "oauth";
-  AuthMethod2["PASSKEY"] = "passkey";
-  AuthMethod2["MAGIC_LINK"] = "magic_link";
-  AuthMethod2["MFA"] = "mfa";
-  AuthMethod2["SAML"] = "saml";
-  return AuthMethod2;
-})(AuthMethod || {});
-var RiskEventOutcome = /* @__PURE__ */ ((RiskEventOutcome2) => {
-  RiskEventOutcome2["ALLOWED"] = "allowed";
-  RiskEventOutcome2["BLOCKED"] = "blocked";
-  RiskEventOutcome2["CHALLENGED"] = "challenged";
-  RiskEventOutcome2["LOGGED"] = "logged";
-  return RiskEventOutcome2;
-})(RiskEventOutcome || {});
 export {
   AuthErrorCodes,
-  AuthMethod,
   AuthModule,
   BrowserStorage,
   CookieStorage,
@@ -4653,9 +4656,6 @@ export {
   PasskeysModule,
   PermissionsModule,
   PlatformModule,
-  RiskAction,
-  RiskEventOutcome,
-  RiskFactorType,
   ServiceApiModule,
   ServicesModule,
   SsoApiError,

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@drmhse/sso-sdk",
-  "version": "0.3.7",
+  "version": "0.3.9",
   "description": "Zero-dependency TypeScript SDK for AuthOS, the multi-tenant authentication platform",
   "main": "dist/index.js",
   "module": "dist/index.mjs",