@fusebase/fusebase-gate-sdk 2.2.21-sdk.5 → 2.2.21-sdk.8

package/dist/apis/IsolatedStoresApi.d.ts

@@ -73,6 +73,19 @@ export declare class IsolatedStoresApi {
         headers?: Record<string, string>;
         body: IsolatedStoreSqlCountRequestContract;
     }): Promise<IsolatedStoreSqlCountResponseContract>;
+    /**
+     * Count rows with RLS bypass
+     * Counts rows in a postgres table through the explicit audited RLS-bypass read path. Intended for Studio/admin data explorer views only; normal runtime reads must use countIsolatedStoreSqlRows.
+     */
+    countIsolatedStoreSqlRowsRlsBypass(params: {
+        path: {
+            orgId: orgIdInPathRequired;
+            storeId: IsolatedStoreIdInPathRequired;
+            stage: IsolatedStoreStageInPathRequired;
+        };
+        headers?: Record<string, string>;
+        body: IsolatedStoreSqlCountRequestContract;
+    }): Promise<IsolatedStoreSqlCountResponseContract>;
     /**
      * Create isolated store
      * Registers a low-level store and binds it to the organization scope plus an isolated source scope such as app.
@@ -379,6 +392,19 @@ export declare class IsolatedStoresApi {
         headers?: Record<string, string>;
         body: IsolatedStoreSqlSelectRequestContract;
     }): Promise<IsolatedStoreSqlSelectResponseContract>;
+    /**
+     * Select rows with RLS bypass
+     * Reads rows through the explicit audited RLS-bypass read path. Intended for Studio/admin data explorer views only; normal runtime reads must use selectIsolatedStoreSqlRows.
+     */
+    selectIsolatedStoreSqlRowsRlsBypass(params: {
+        path: {
+            orgId: orgIdInPathRequired;
+            storeId: IsolatedStoreIdInPathRequired;
+            stage: IsolatedStoreStageInPathRequired;
+        };
+        headers?: Record<string, string>;
+        body: IsolatedStoreSqlSelectRequestContract;
+    }): Promise<IsolatedStoreSqlSelectResponseContract>;
     /**
      * Update rows
      * Updates rows in a postgres table using structured filters. Filterless updates are blocked unless allowAll=true is explicitly set.

package/dist/apis/IsolatedStoresApi.js

@@ -86,6 +86,21 @@ class IsolatedStoresApi {
             expectedContentType: "application/json",
         });
     }
+    /**
+     * Count rows with RLS bypass
+     * Counts rows in a postgres table through the explicit audited RLS-bypass read path. Intended for Studio/admin data explorer views only; normal runtime reads must use countIsolatedStoreSqlRows.
+     */
+    async countIsolatedStoreSqlRowsRlsBypass(params) {
+        return this.client.request({
+            method: "POST",
+            path: "/:orgId/isolated-stores/:storeId/stages/:stage/sql/rows/count/rls-bypass",
+            pathParams: params.path,
+            headers: params.headers,
+            body: params.body,
+            opId: "countIsolatedStoreSqlRowsRlsBypass",
+            expectedContentType: "application/json",
+        });
+    }
     /**
      * Create isolated store
      * Registers a low-level store and binds it to the organization scope plus an isolated source scope such as app.
@@ -438,6 +453,21 @@ class IsolatedStoresApi {
             expectedContentType: "application/json",
         });
     }
+    /**
+     * Select rows with RLS bypass
+     * Reads rows through the explicit audited RLS-bypass read path. Intended for Studio/admin data explorer views only; normal runtime reads must use selectIsolatedStoreSqlRows.
+     */
+    async selectIsolatedStoreSqlRowsRlsBypass(params) {
+        return this.client.request({
+            method: "POST",
+            path: "/:orgId/isolated-stores/:storeId/stages/:stage/sql/rows/select/rls-bypass",
+            pathParams: params.path,
+            headers: params.headers,
+            body: params.body,
+            opId: "selectIsolatedStoreSqlRowsRlsBypass",
+            expectedContentType: "application/json",
+        });
+    }
     /**
      * Update rows
      * Updates rows in a postgres table using structured filters. Filterless updates are blocked unless allowAll=true is explicitly set.

package/dist/apis/PortalsApi.d.ts

@@ -45,7 +45,7 @@ export declare class PortalsApi {
     }): Promise<PortalDetailContract>;
     /**
      * Invite a user to a portal
-     * Invites a user (client, member, or manager) to a portal via a magic link. For orgRole='client' (default): isFullAccess controls access to private pages (default true). For orgRole='member' or 'manager': always full access, isFullAccess is ignored. Returns a magic link for direct portal access without email confirmation. IMPORTANT — before calling this operation for a client invite (orgRole='client' or unspecified): ALWAYS ask the user 'Full access (all pages) or Shared only (public pages)?' and wait for their answer before proceeding. Do NOT silently assume a default.
+     * Invites a user (client, member, or manager) to a portal via a magic link. For orgRole='client' (default): isFullAccess controls access to private pages (default true). For orgRole='member' or 'manager': always full access, isFullAccess is ignored. Returns a magic link for direct portal access without email confirmation. Invarian — before calling this operation for a client invite (orgRole='client' or unspecified): ALWAYS ask the user 'Full access (all pages) or Shared only (public pages)?' and wait for their answer before proceeding. Do NOT silently assume a default.
      */
     inviteToPortal(params: {
         path: {

package/dist/apis/PortalsApi.js

@@ -57,7 +57,7 @@ class PortalsApi {
     }
     /**
      * Invite a user to a portal
-     * Invites a user (client, member, or manager) to a portal via a magic link. For orgRole='client' (default): isFullAccess controls access to private pages (default true). For orgRole='member' or 'manager': always full access, isFullAccess is ignored. Returns a magic link for direct portal access without email confirmation. IMPORTANT — before calling this operation for a client invite (orgRole='client' or unspecified): ALWAYS ask the user 'Full access (all pages) or Shared only (public pages)?' and wait for their answer before proceeding. Do NOT silently assume a default.
+     * Invites a user (client, member, or manager) to a portal via a magic link. For orgRole='client' (default): isFullAccess controls access to private pages (default true). For orgRole='member' or 'manager': always full access, isFullAccess is ignored. Returns a magic link for direct portal access without email confirmation. Invarian — before calling this operation for a client invite (orgRole='client' or unspecified): ALWAYS ask the user 'Full access (all pages) or Shared only (public pages)?' and wait for their answer before proceeding. Do NOT silently assume a default.
      */
     async inviteToPortal(params) {
         return this.client.request({

package/dist/apis/WorkspacesApi.d.ts

@@ -5,10 +5,21 @@
  * Domain: workspaces
  */
 import type { Client } from "../runtime/transport";
-import type { orgIdInPathRequired, OrgWorkspaceListResponseContract } from "../types";
+import type { CreateWorkspaceRequestContract, orgIdInPathRequired, OrgWorkspaceContract, OrgWorkspaceListResponseContract } from "../types";
 export declare class WorkspacesApi {
     private client;
     constructor(client: Client);
+    /**
+     * Create a new workspace
+     * Creates a new workspace in the organization. Returns the created workspace details. Requires org.write and org access.
+     */
+    createWorkspace(params: {
+        path: {
+            orgId: orgIdInPathRequired;
+        };
+        headers?: Record<string, string>;
+        body: CreateWorkspaceRequestContract;
+    }): Promise<OrgWorkspaceContract>;
     /**
      * List organization workspaces
      * Returns workspaces visible for the caller in the organization and marks the default workspace. Requires org.read and org access.

package/dist/apis/WorkspacesApi.js

@@ -11,6 +11,21 @@ class WorkspacesApi {
     constructor(client) {
         this.client = client;
     }
+    /**
+     * Create a new workspace
+     * Creates a new workspace in the organization. Returns the created workspace details. Requires org.write and org access.
+     */
+    async createWorkspace(params) {
+        return this.client.request({
+            method: "POST",
+            path: "/:orgId/workspaces",
+            pathParams: params.path,
+            headers: params.headers,
+            body: params.body,
+            opId: "createWorkspace",
+            expectedContentType: "application/json",
+        });
+    }
     /**
      * List organization workspaces
      * Returns workspaces visible for the caller in the organization and marks the default workspace. Requires org.read and org access.

package/dist/types/index.d.ts

@@ -16,7 +16,7 @@ export * from "./mcp-manager/mcp-manager";
 export type { MeAuthContract, MeOrgGroupContract, MeResponseContract, MeScopeContract, MeUserContract } from "./me/me";
 export * from "./note/note";
 export * from "./org-group/org-group";
-export type { OrgInviteContract, OrgMagicLinkContract, OrgPortalContract, OrgPortalListResponseContract, OrgUserAddRequestContract, OrgUserAddResponseContract, OrgUserContract, OrgUserListResponseContract, OrgWorkspaceContract, OrgWorkspaceInviteContract, OrgWorkspaceListResponseContract, OrgWorkspaceMemberContract } from "./org-user/org-user";
+export type { CreateWorkspaceRequestContract, OrgInviteContract, OrgMagicLinkContract, OrgPortalContract, OrgPortalListResponseContract, OrgUserAddRequestContract, OrgUserAddResponseContract, OrgUserContract, OrgUserListResponseContract, OrgWorkspaceContract, OrgWorkspaceInviteContract, OrgWorkspaceListResponseContract, OrgWorkspaceMemberContract } from "./org-user/org-user";
 export type { CreatePortalRequestContract, CreatePortalResponseContract, DuplicatePortalRequestContract, InviteToPortalRequestContract, InviteToPortalResponseContract, PortalDetailContract, globalIdInPathRequired } from "./portals/portals";
 export * from "./shared/common";
 export * from "./shared/enums";

package/dist/types/org-user/org-user.d.ts

@@ -69,6 +69,10 @@ export interface OrgWorkspaceContract {
 export interface OrgWorkspaceListResponseContract {
     workspaces: OrgWorkspaceContract[];
 }
+export interface CreateWorkspaceRequestContract {
+    /** Display name for the new workspace. Required. */
+    title: string;
+}
 export interface OrgPortalContract {
     id: string;
     orgId: string;

package/dist/types/shared/enums.d.ts

@@ -1,6 +1,6 @@
 export type OrgRoleContract = "owner" | "manager" | "member" | "client" | "guest" | "visitor";
 export type PermissionContract = string & {
-    __pattern: "^[^.]+\\.(?:[^.]+\\.)?(read|write|delete|execute)$";
+    __pattern: "^[^.]+\\.(?:[^.]+\\.)?(read|write|delete|execute|create|manage)$";
 };
 export type RootEntityContract = "custom" | "portal" | "workspace" | "org" | "user" | "client" | "form" | "form-response" | "tracker" | "tracker-result" | "meeting";
 export type ScopeTypeContract = "org" | "workspace" | "portal" | "user" | "client" | "block" | "tracker" | "parent_row" | "parent_table";

package/dist/types/shared/enums.js

@@ -37,7 +37,7 @@ exports.ScopeTypeContract = {
 exports.ScopeTypeOrgContract = {
     Org: "org"
 };
-const PERMISSION_RE = /^[^.]+\.(?:[^.]+\.)?(read|write|delete|execute)$/;
+const PERMISSION_RE = /^[^.]+\.(?:[^.]+\.)?(read|write|delete|execute|create|manage)$/;
 function asPermission(value) {
     if (!PERMISSION_RE.test(value)) {
         throw new Error(`Invalid permission: ${value}`);

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@fusebase/fusebase-gate-sdk",
-  "version": "2.2.21-sdk.5",
+  "version": "2.2.21-sdk.8",
   "description": "TypeScript SDK for Fusebase Gate APIs - Generated from contract introspection",
   "main": "./dist/index.js",
   "types": "./dist/index.d.ts",

package/release-notes/2.2.21-sdk.8.md

@@ -0,0 +1,9 @@
+# Release Notes 2.2.21-sdk.8
+
+- Current ref: `HEAD`
+- Previous tag: `v2.2.21-sdk.8`
+- Generated at: 2026-06-04T14:59:09.554Z
+
+## Included Drafts
+
+- None

package/release-notes/latest.md

@@ -1,8 +1,8 @@
-# Release Notes 2.2.21-sdk.5
+# Release Notes 2.2.21-sdk.8
 
 - Current ref: `HEAD`
-- Previous tag: `v2.2.21-sdk.5`
-- Generated at: 2026-06-04T12:26:04.829Z
+- Previous tag: `v2.2.21-sdk.8`
+- Generated at: 2026-06-04T14:59:09.554Z
 
 ## Included Drafts
 

package/release-notes/2.2.21-sdk.5.md

@@ -1,9 +0,0 @@
-# Release Notes 2.2.21-sdk.5
-
-- Current ref: `HEAD`
-- Previous tag: `v2.2.21-sdk.5`
-- Generated at: 2026-06-04T12:26:04.829Z
-
-## Included Drafts
-
-- None