@fusebase/fusebase-gate-sdk 2.2.2-sdk.3 → 2.2.2-sdk.30

package/dist/types/org-user/org-user.d.ts

@@ -43,6 +43,11 @@ export interface OrgUserAddRequestContract {
      * Without `workspaceId`, this remains an org invite email hint only.
      */
     portalUrl?: string;
+    /**
+     * Org-only shortcut for instant client onboarding without invite
+     * confirmation. Valid only when `orgRole` is `client` and `workspaceId`
+     * is omitted.
+     */
     autoConfirmClientInvite?: boolean;
 }
 export interface OrgInviteContract {
@@ -122,6 +127,8 @@ export interface OrgUserAddResponseContract {
     /**
      * org-service returns `invite` or `member` for org invites, and
      * `invite`, `member`, or `link` for workspace-aware invites.
+     * `invite` means an invite exists; it is not proof that org access is
+     * already active for the current session.
      */
     result: "invite" | "member" | "link";
     orgInvite?: OrgInviteContract;

package/dist/types/shared/enums.d.ts

@@ -1,6 +1,6 @@
 export type OrgRoleContract = "owner" | "manager" | "member" | "client" | "guest" | "visitor";
 export type PermissionContract = string & {
-    __pattern: "^[a-z][a-z0-9_]*(\\.[a-z0-9_]+)*\\.(read|write|delete|execute)$";
+    __pattern: "^[^.]+\\.(?:[^.]+\\.)?(read|write|delete|execute)$";
 };
 export type RootEntityContract = "custom" | "portal" | "workspace" | "org" | "user" | "client" | "form" | "form-response" | "tracker" | "tracker-result" | "meeting";
 export type ScopeTypeContract = "org" | "workspace" | "portal" | "user" | "client" | "block" | "tracker" | "parent_row" | "parent_table";

package/dist/types/shared/enums.js

@@ -37,7 +37,7 @@ exports.ScopeTypeContract = {
 exports.ScopeTypeOrgContract = {
     Org: "org"
 };
-const PERMISSION_RE = /^[a-z][a-z0-9_]*(\.[a-z0-9_]+)*\.(read|write|delete|execute)$/;
+const PERMISSION_RE = /^[^.]+\.(?:[^.]+\.)?(read|write|delete|execute)$/;
 function asPermission(value) {
     if (!PERMISSION_RE.test(value)) {
         throw new Error(`Invalid permission: ${value}`);

package/dist/types/system/system.d.ts

@@ -2,6 +2,14 @@ import type { PermissionContract } from "../shared/enums";
 export interface ResolveOperationPermissionsRequestContract {
     operations: string[];
 }
+export interface ListPermissionCatalogResultContract {
+    permissions: PermissionContract[];
+}
+export interface ListPermissionCatalogResponseContract {
+    success: boolean;
+    message?: string | null;
+    data: ListPermissionCatalogResultContract;
+}
 export type OperationPermissionMatchTypeContract = "operation_id" | "mcp_tool_name";
 export interface ResolvedOperationPermissionContract {
     requested: string;

package/dist/types/token/token.d.ts

@@ -6,6 +6,7 @@ export interface CreateTokenRequestContract {
     resource_scope: ResourceScopeContract;
     name?: string | null;
     expires_at?: Date | null;
+    meta?: TokenMetaContract;
 }
 export interface CreateTokenResponseContract {
     success: boolean;
@@ -16,6 +17,7 @@ export interface CreateTokenResponseContract {
         name?: string | null;
         permissions: string[];
         expires_at?: Date | null;
+        meta?: TokenMetaContract;
         created_at: Date;
     };
 }
@@ -27,6 +29,13 @@ export interface ResourceScopeRuleContract {
     resource_type: string;
     ids: string[];
 }
+export interface TokenMetaIssuerContract {
+    kind: string;
+    id: string;
+}
+export interface TokenMetaContract {
+    issuer?: TokenMetaIssuerContract;
+}
 export interface RevokeTokenResponseContract {
     success: boolean;
     message: string;
@@ -36,6 +45,7 @@ export interface TokenContract {
     name?: string | null;
     permissions: PermissionContract[];
     scopes?: ScopeContract[];
+    meta?: TokenMetaContract;
     expires_at?: Date | null;
     last_used_at?: Date | null;
     created_at: Date;
@@ -54,4 +64,5 @@ export interface UpdateTokenRequestContract {
     name?: string | null;
     permissions?: PermissionContract[];
     expires_at?: Date | null;
+    meta?: TokenMetaContract;
 }

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fusebase/fusebase-gate-sdk",
-  "version": "2.2.2-sdk.3",
+  "version": "2.2.2-sdk.30",
   "description": "TypeScript SDK for Fusebase Gate APIs - Generated from contract introspection",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",

package/release-notes/2.2.2-sdk.30.md

@@ -0,0 +1,9 @@
+# Release Notes 2.2.2-sdk.30
+
+- Current ref: `HEAD`
+- Previous tag: `v2.2.2-sdk.30`
+- Generated at: 2026-04-06T09:32:22.763Z
+
+## Included Drafts
+
+- None

package/release-notes/latest.md

@@ -1,85 +1,9 @@
-# Release Notes 2.2.2-sdk.3
+# Release Notes 2.2.2-sdk.30
 
 - Current ref: `HEAD`
-- Previous tag: `v2.2.2-sdk.2`
-- Generated at: 2026-03-30T12:29:12.945Z
+- Previous tag: `v2.2.2-sdk.30`
+- Generated at: 2026-04-06T09:32:22.763Z
 
 ## Included Drafts
 
-- `docs/release-notes/2026-03-30-notes-list-ops.md` - 2026-03-30-notes-list-ops
-- `docs/release-notes/2026-03-30-notes-mcp-opaque-ids.md` - 2026-03-30-notes-mcp-opaque-ids
-
-## Summary
-
-### 2026-03-30-notes-list-ops
-
-Add Gate notes read and write endpoints for listing, reading, and creating workspace notes and folders.
-
-### 2026-03-30-notes-mcp-opaque-ids
-
-Notes notes-tool validation and HTTP routing now match the note-service behavior more closely: MCP no longer treats note-service IDs as UUIDs, and the HTTP/SDK notes folder listing route no longer gets shadowed by the generic note-read route.
-
-
-## API / SDK Changes
-
-### 2026-03-30-notes-list-ops
-
-- Added `listWorkspaceNoteFolders` for `GET /:orgId/workspaces/:workspaceId/notes/folders`.
-- Added `listWorkspaceNotes` for `GET /:orgId/workspaces/:workspaceId/notes`.
-- Added `getWorkspaceNote` for `GET /:orgId/workspaces/:workspaceId/notes/:noteId`.
-- Added `createWorkspaceNoteFolder` for `POST /:orgId/workspaces/:workspaceId/notes/folders`.
-- Added `createWorkspaceNote` for `POST /:orgId/workspaces/:workspaceId/notes`.
-- Added the `notes.read` and `notes.write` service permissions for the new note operations.
-
-### 2026-03-30-notes-mcp-opaque-ids
-
-- MCP notes tools no longer require UUID-formatted values for note-service IDs.
-- `GET /:orgId/workspaces/:workspaceId/notes/folders` now resolves to the folder-list operation instead of being captured by `/:noteId`.
-- Service runtime schema registration now overlays explicit opaque-string schemas for notes path/query params.
-
-
-## Consumer Impact
-
-### 2026-03-30-notes-list-ops
-
-- Consumers can now discover workspace note folders, fetch notes under a specific folder, read rendered html for a single note, and create folders or notes through Gate.
-- `listWorkspaceNotes` defaults to the workspace root when `parentId` is omitted.
-- `createWorkspaceNoteFolder` defaults `parentId` to `root`.
-- `createWorkspaceNote` defaults `parentId` to `default` and can append initial text or html content after creation.
-
-### 2026-03-30-notes-mcp-opaque-ids
-
-- MCP consumers can pass real note-service IDs like `workspace-default-1` or `folder-projects-1` without hitting `INVALID_ARGS` UUID validation failures.
-- SDK and raw HTTP consumers can call the notes folder-list endpoint without it being misrouted into note-content fetching.
-- Notes E2E suites now reset fake note fixtures between tests so SDK/MCP coverage stays order-independent.
-
-
-## Verification
-
-### 2026-03-30-notes-list-ops
-
-- `npm run build`
-- `node --loader tsx scripts/build-sdk.mts`
-- `node --loader tsx scripts/generate-mcp-skills.mts`
-- `node --loader tsx scripts/validate-mcp-skills.mts`
-
-### 2026-03-30-notes-mcp-opaque-ids
-
-- `npm run lint -- src/api/contracts/ops/notes/notes.ts src/api/contracts/schemas/runtime-schema-defs.ts src/api/contracts/schemas/runtime-schema-overrides.ts tests/unit/notes-contracts.test.ts tests/unit/notes-controller.test.ts`
-- `npm run test:unit -- --runTestsByPath tests/unit/notes-contracts.test.ts tests/unit/notes-controller.test.ts`
-- `npm run lint -- src/controllers/notes/notes.ts tests/helpers/fake-notes-store.ts tests/helpers/fake-note-service.ts tests/helpers/reset-fake-notes.ts tests/e2e-sdk/notes/0.list-workspace-notes.test.ts tests/e2e-sdk/notes/1.get-workspace-note.test.ts tests/e2e-sdk/notes/2.create-workspace-note.test.ts tests/mcp-e2e/notes/0.list-workspace-notes.test.ts tests/mcp-e2e/notes/1.get-workspace-note.test.ts tests/mcp-e2e/notes/2.create-workspace-note.test.ts tests/unit/notes-controller.test.ts tests/unit/notes-contracts.test.ts tests/unit/notes-routes.test.ts`
-- `npm run test:unit -- --runTestsByPath tests/unit/notes-controller.test.ts tests/unit/notes-contracts.test.ts tests/unit/notes-routes.test.ts`
-- `npm run mcp:skills:generate`
-- `npm run mcp:skills:validate`
-- Blocked locally: `env USE_BUILD_ARTIFACT=true npm run test:mcp-e2e:full` failed because `db:migrate:test` could not connect to MySQL at `localhost:3306`
-
-
-## Follow-ups
-
-### 2026-03-30-notes-list-ops
-
-- Confirm whether client and visitor roles should receive `notes.read` or `notes.write` in read-only org contexts.
-
-### 2026-03-30-notes-mcp-opaque-ids
-
-- Re-run the MCP E2E suite in CI or an environment with the test MySQL instance available to confirm the notes MCP failures are resolved end to end.
+- None

package/release-notes/2.2.2-sdk.3.md

@@ -1,85 +0,0 @@
-# Release Notes 2.2.2-sdk.3
-
-- Current ref: `HEAD`
-- Previous tag: `v2.2.2-sdk.2`
-- Generated at: 2026-03-30T12:29:12.945Z
-
-## Included Drafts
-
-- `docs/release-notes/2026-03-30-notes-list-ops.md` - 2026-03-30-notes-list-ops
-- `docs/release-notes/2026-03-30-notes-mcp-opaque-ids.md` - 2026-03-30-notes-mcp-opaque-ids
-
-## Summary
-
-### 2026-03-30-notes-list-ops
-
-Add Gate notes read and write endpoints for listing, reading, and creating workspace notes and folders.
-
-### 2026-03-30-notes-mcp-opaque-ids
-
-Notes notes-tool validation and HTTP routing now match the note-service behavior more closely: MCP no longer treats note-service IDs as UUIDs, and the HTTP/SDK notes folder listing route no longer gets shadowed by the generic note-read route.
-
-
-## API / SDK Changes
-
-### 2026-03-30-notes-list-ops
-
-- Added `listWorkspaceNoteFolders` for `GET /:orgId/workspaces/:workspaceId/notes/folders`.
-- Added `listWorkspaceNotes` for `GET /:orgId/workspaces/:workspaceId/notes`.
-- Added `getWorkspaceNote` for `GET /:orgId/workspaces/:workspaceId/notes/:noteId`.
-- Added `createWorkspaceNoteFolder` for `POST /:orgId/workspaces/:workspaceId/notes/folders`.
-- Added `createWorkspaceNote` for `POST /:orgId/workspaces/:workspaceId/notes`.
-- Added the `notes.read` and `notes.write` service permissions for the new note operations.
-
-### 2026-03-30-notes-mcp-opaque-ids
-
-- MCP notes tools no longer require UUID-formatted values for note-service IDs.
-- `GET /:orgId/workspaces/:workspaceId/notes/folders` now resolves to the folder-list operation instead of being captured by `/:noteId`.
-- Service runtime schema registration now overlays explicit opaque-string schemas for notes path/query params.
-
-
-## Consumer Impact
-
-### 2026-03-30-notes-list-ops
-
-- Consumers can now discover workspace note folders, fetch notes under a specific folder, read rendered html for a single note, and create folders or notes through Gate.
-- `listWorkspaceNotes` defaults to the workspace root when `parentId` is omitted.
-- `createWorkspaceNoteFolder` defaults `parentId` to `root`.
-- `createWorkspaceNote` defaults `parentId` to `default` and can append initial text or html content after creation.
-
-### 2026-03-30-notes-mcp-opaque-ids
-
-- MCP consumers can pass real note-service IDs like `workspace-default-1` or `folder-projects-1` without hitting `INVALID_ARGS` UUID validation failures.
-- SDK and raw HTTP consumers can call the notes folder-list endpoint without it being misrouted into note-content fetching.
-- Notes E2E suites now reset fake note fixtures between tests so SDK/MCP coverage stays order-independent.
-
-
-## Verification
-
-### 2026-03-30-notes-list-ops
-
-- `npm run build`
-- `node --loader tsx scripts/build-sdk.mts`
-- `node --loader tsx scripts/generate-mcp-skills.mts`
-- `node --loader tsx scripts/validate-mcp-skills.mts`
-
-### 2026-03-30-notes-mcp-opaque-ids
-
-- `npm run lint -- src/api/contracts/ops/notes/notes.ts src/api/contracts/schemas/runtime-schema-defs.ts src/api/contracts/schemas/runtime-schema-overrides.ts tests/unit/notes-contracts.test.ts tests/unit/notes-controller.test.ts`
-- `npm run test:unit -- --runTestsByPath tests/unit/notes-contracts.test.ts tests/unit/notes-controller.test.ts`
-- `npm run lint -- src/controllers/notes/notes.ts tests/helpers/fake-notes-store.ts tests/helpers/fake-note-service.ts tests/helpers/reset-fake-notes.ts tests/e2e-sdk/notes/0.list-workspace-notes.test.ts tests/e2e-sdk/notes/1.get-workspace-note.test.ts tests/e2e-sdk/notes/2.create-workspace-note.test.ts tests/mcp-e2e/notes/0.list-workspace-notes.test.ts tests/mcp-e2e/notes/1.get-workspace-note.test.ts tests/mcp-e2e/notes/2.create-workspace-note.test.ts tests/unit/notes-controller.test.ts tests/unit/notes-contracts.test.ts tests/unit/notes-routes.test.ts`
-- `npm run test:unit -- --runTestsByPath tests/unit/notes-controller.test.ts tests/unit/notes-contracts.test.ts tests/unit/notes-routes.test.ts`
-- `npm run mcp:skills:generate`
-- `npm run mcp:skills:validate`
-- Blocked locally: `env USE_BUILD_ARTIFACT=true npm run test:mcp-e2e:full` failed because `db:migrate:test` could not connect to MySQL at `localhost:3306`
-
-
-## Follow-ups
-
-### 2026-03-30-notes-list-ops
-
-- Confirm whether client and visitor roles should receive `notes.read` or `notes.write` in read-only org contexts.
-
-### 2026-03-30-notes-mcp-opaque-ids
-
-- Re-run the MCP E2E suite in CI or an environment with the test MySQL instance available to confirm the notes MCP failures are resolved end to end.